DYNAMIC MANDATORY ACCESS CONTROL FOR MULTIPLE STAKEHOLDERS

Open Access
Author:
Rao, Vikhyath
Graduate Program:
Computer Science and Engineering
Degree:
Master of Science
Document Type:
Master Thesis
Date of Defense:
November 20, 2009
Committee Members:
  • Trent Ray Jaeger, Thesis Advisor
  • Patrick Drew McDaniel, Thesis Advisor
Keywords:
  • mobile phones
  • security
  • access control
  • multiple stakeholders
Abstract:
In this thesis, we present a mandatory access control system that uses input from multiple stakeholders to compose policies based on runtime information. In the emerging open cell phone environment, many devices run software whose access permissions depend on multiple stakeholders, such as the device owner, the service provider, the application owner, etc. However, current access control administration remains either mandatory, requiring a single system administrator to know every possible permission, or discretionary, allowing possibly compromised processes to administer permissions. A key problem is that the system should limit arbitrary programs while allowing reasonable functionality. However, conflicting permissions and permission dependencies may lead to an attack, such as allowing voice-over-IP calls. In our approach, we use a "soft" sandboxing mechanism to first contain such processes, request the stakeholder to authorize operations outside the sandbox that are not prohibited by policy, and maintain a runtime execution role for the process to identify its access state to the stakeholders. Our framework was implemented by modifying the SELinux module and using a remote proxy policy server. We incur a 0.288 microsecond performance overhead only when stakeholders need to be consulted, and newly granted permissions are cached.
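The decision flow the abstract describes (hard policy prohibitions first, then the soft sandbox, then a cache of earlier grants, and only then a stakeholder consultation that is shown the process's runtime role) can be modelled in a few dozen lines. The following is an added illustration written for this page, not code from the thesis or its SELinux implementation; the `Monitor`, `Policy`, `Process` classes, the two stakeholder callbacks and the permission names are all assumptions chosen to make the flow concrete. The carrier stakeholder shows why the runtime role matters: it accepts microphone access and network access individually but refuses the second of the two once the first is held, which is the kind of permission-dependency attack (VoIP) the abstract mentions.

```python
"""Illustrative model of soft-sandbox MAC with stakeholder consultation.

Added example for this page; not the thesis's own code. All names are assumed.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Set, Tuple

# A permission is (object, operation), e.g. ("mic", "record") or ("net", "connect").
Perm = Tuple[str, str]


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"


@dataclass
class Policy:
    """Static MAC policy: what the soft sandbox permits and what is never negotiable."""
    sandbox: Set[Perm]
    prohibited: Set[Perm]


@dataclass
class Process:
    pid: int
    granted: Set[Perm] = field(default_factory=set)  # cache of stakeholder grants

    @property
    def role(self) -> str:
        """Runtime execution role: names the objects reached beyond the sandbox."""
        if not self.granted:
            return "sandboxed"
        return "sandboxed+" + "+".join(sorted(obj for obj, _ in self.granted))


# A stakeholder sees the process's current role and the requested permission.
Stakeholder = Callable[[str, Perm], bool]


class Monitor:
    def __init__(self, policy: Policy, stakeholders: Dict[str, Stakeholder]):
        self.policy = policy
        self.stakeholders = stakeholders
        self.consultations = 0  # counts slow-path (stakeholder) decisions

    def check(self, proc: Process, perm: Perm) -> Tuple[Decision, str]:
        # 1. Hard prohibitions: denied without asking anyone.
        if perm in self.policy.prohibited:
            return Decision.DENY, "policy"
        # 2. Inside the soft sandbox: fast path, no consultation.
        if perm in self.policy.sandbox:
            return Decision.ALLOW, "sandbox"
        # 3. Already authorized earlier: served from the per-process cache.
        if perm in proc.granted:
            return Decision.ALLOW, "cache"
        # 4. Outside the sandbox and not prohibited: every stakeholder must agree.
        self.consultations += 1
        for name, decide in self.stakeholders.items():
            if not decide(proc.role, perm):
                return Decision.DENY, f"stakeholder:{name}"
        proc.granted.add(perm)  # cache the grant; the role changes as a result
        return Decision.ALLOW, "stakeholder"


def device_owner(role: str, perm: Perm) -> bool:
    # Assumed owner policy: anything but contacts access is fine.
    return perm[0] != "contacts"


def carrier(role: str, perm: Perm) -> bool:
    # Assumed carrier policy: mic and net are each acceptable alone, but the
    # combination enables VoIP, so refuse whichever one is requested second.
    held = set(role.split("+")[1:])
    if perm[0] == "net" and "mic" in held:
        return False
    if perm[0] == "mic" and "net" in held:
        return False
    return True


def run_scenario() -> Tuple[List[Tuple[Perm, Decision, str]], int, str]:
    """Constructed request sequence from one app; returns (trace, consultations, final role)."""
    policy = Policy(sandbox={("screen", "draw"), ("storage", "read_own")},
                    prohibited={("kernel", "load_module")})
    mon = Monitor(policy, {"owner": device_owner, "carrier": carrier})
    app = Process(pid=1234)
    requests: List[Perm] = [("screen", "draw"), ("kernel", "load_module"),
                            ("mic", "record"), ("mic", "record"),
                            ("net", "connect"), ("contacts", "read")]
    trace = []
    for perm in requests:
        decision, why = mon.check(app, perm)
        trace.append((perm, decision, why))
    return trace, mon.consultations, app.role


if __name__ == "__main__":
    for perm, decision, why in run_scenario()[0]:
        print(f"{perm[0]}:{perm[1]:<12} {decision.value:<5} ({why})")
```

Only three of the six requests reach a stakeholder; the repeated microphone request is served from the cache, which is the behaviour the abstract's "only when stakeholders need to be consulted" clause relies on.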