Title :
Extended BLP security model based on process reliability for secure Linux kernel
Author :
Kang, Jung-Min ; Shin, Wook ; Park, Chun-Gu ; Lee, Dong-Ik
Author_Institution :
Dept. of Inf. & Commun., Kwang-Ju Inst. of Sci. & Technol., Kwangju, South Korea
Abstract :
To design and develop secure operating systems, the BLP (Bell-La Padula) model has been widely adopted. However user´s security label in the most developed systems based on the BLP model is inherited to a process that is actual subject on behalf of the user, regardless whatever the process behavior is. So, there could be information disclosure threat or modification threat by malicious or unreliable processes even though the user is authorized in the system. These problems can be solved by defining the subject as (user process) ordered pair and by defining the process reliability. This paper presents an extended BLP (E-BLP) model in which processes are grouped into two subdivisions, common and public, and the execution of a process is controlled by DRC (Dynamic Reliability Check) to prevent the malicious behavior of the process. Therefore, this model mitigates the confidentiality threat, integrity threat, and also gives enhanced usability of the system
Keywords :
operating system kernels; security of data; BLP model; DRC; Linux kernel; computer security; confidentiality threat; integrity threat; secure operating systems; usability; Availability; Buffer overflow; Communication system security; Computer security; Information security; Kernel; Linux; Operating systems; Protection; Usability;
Conference_Titel :
Dependable Computing, 2001. Proceedings. 2001 Pacific Rim International Symposium on
Conference_Location :
Seoul
Print_ISBN :
0-7695-1414-6
DOI :
10.1109/PRDC.2001.992712
