A Dynamically Modified Privilege Control Policy

Qingni Shen

The 7th IEEE Information Assurance Workshop (IAWorkshop 2006), West Point, New York, USA, June 21-23, 2006

Abstract

In trusted systems, some tasks always need privileges to override or bypass security checks. Such privileges must be used in a controlled manner, and a privilege control mechanism can provide a reasonable degree of security assurance for trusted systems. The role-based access control (RBAC) model supports privilege control through proper role assignments at a high level, but lacks fine granularity and sufficient flexibility. This paper presents a dynamically modified privilege control policy named DMPC, which combines RBAC, domain and type enforcement (DTE) and the POSIX capability mechanism. DMPC implements separation of duties as in RBAC, enforces domain separation protection as in DTE, and supports dynamic privilege control associated with the POSIX capability mechanism, based on the capability states of the subject's role, domain and executed program. We describe the implementation of DMPC in xxOS, a secure operating system satisfying the security function requirements of class B2 in TCSEC and the assurance requirements of level EAL5 in CC.
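The abstract states that a subject's effective privileges are derived from the capability states of its role, its domain and the program it executes. The following toy model, added here as an illustration and not the paper's own algorithm or the xxOS implementation, shows one way such a derivation can be expressed: each of the three principals carries a set of POSIX-style capability names it is permitted to hold, and the privilege granted at exec time is the intersection of the three, so no single assignment can exceed what the other two allow. The intersection rule, the role, domain and program names, and the capability sets are all assumptions made for this example; unknown principals fail closed.

```python
"""Toy derivation of effective privileges from role, domain and program
capability states.  Added illustration; the intersection rule and all
sample principals are assumptions, not the DMPC paper's own policy."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional


@dataclass(frozen=True)
class CapabilityState:
    """Capability names a principal (role, domain or program) may hold."""
    name: str
    permitted: FrozenSet[str]


@dataclass(frozen=True)
class Decision:
    """Result of a privilege check, with a reason suitable for an audit log."""
    allowed: bool
    reason: str


# Constructed sample policy (assumed, not taken from the paper).
ROLES: Dict[str, CapabilityState] = {
    "sysadm": CapabilityState(
        "sysadm", frozenset({"CAP_NET_ADMIN", "CAP_SYS_ADMIN", "CAP_DAC_OVERRIDE"})),
    "user": CapabilityState("user", frozenset()),
}
DOMAINS: Dict[str, CapabilityState] = {
    "net_d": CapabilityState(
        "net_d", frozenset({"CAP_NET_ADMIN", "CAP_NET_BIND_SERVICE"})),
    "login_d": CapabilityState("login_d", frozenset({"CAP_DAC_OVERRIDE"})),
}
PROGRAMS: Dict[str, CapabilityState] = {
    # Program requests CAP_NET_ADMIN; it only receives it if role and
    # domain both permit it.
    "ifconfig": CapabilityState("ifconfig", frozenset({"CAP_NET_ADMIN"})),
    "login": CapabilityState("login", frozenset({"CAP_DAC_OVERRIDE"})),
}


def effective_capabilities(role: CapabilityState,
                           domain: CapabilityState,
                           program: CapabilityState) -> FrozenSet[str]:
    """Privilege available to the subject after executing `program` in
    `domain` while holding `role`: the intersection of all three states."""
    return role.permitted & domain.permitted & program.permitted


def may_use(role: CapabilityState, domain: CapabilityState,
            program: CapabilityState, capability: str) -> bool:
    """True only if every one of the three states grants `capability`."""
    return capability in effective_capabilities(role, domain, program)


def decide(role_name: str, domain_name: str, program_name: str,
           capability: str) -> Decision:
    """Look up the three principals by name and check one capability.
    Any unknown principal is denied (fail closed) rather than treated as
    unrestricted."""
    role: Optional[CapabilityState] = ROLES.get(role_name)
    domain: Optional[CapabilityState] = DOMAINS.get(domain_name)
    program: Optional[CapabilityState] = PROGRAMS.get(program_name)
    for label, principal in (("role", role), ("domain", domain),
                             ("program", program)):
        if principal is None:
            return Decision(False, f"unknown {label}; denied by default")
    if may_use(role, domain, program, capability):
        return Decision(True, f"{capability} permitted by role, domain and program")
    missing = [label for label, p in (("role", role), ("domain", domain),
                                      ("program", program))
               if capability not in p.permitted]
    return Decision(False, f"{capability} not permitted by {', '.join(missing)}")


if __name__ == "__main__":
    for args in (("sysadm", "net_d", "ifconfig", "CAP_NET_ADMIN"),
                 ("sysadm", "net_d", "ifconfig", "CAP_SYS_ADMIN"),
                 ("user", "net_d", "ifconfig", "CAP_NET_ADMIN"),
                 ("sysadm", "nosuch_d", "ifconfig", "CAP_NET_ADMIN")):
        d = decide(*args)
        print(args, "->", "ALLOW" if d.allowed else "DENY", "|", d.reason)
```

Because the grant is an intersection, widening any one of the three states (for example giving a role CAP_SYS_ADMIN) changes nothing unless the domain and the program are also widened, which is the property that makes the combined policy narrower than RBAC alone; the `reason` string is intended for audit records so that a denial can be traced to the state that withheld the capability.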