DocumentCode
2417041
Title
A Policy Language for the Extended Reference Monitor in Trusted Operating Systems
Author
Kim, Hyung Chan ; Ramakrishna, R.S. ; Shin, Wook ; Sakurai, Kouichi
Author_Institution
Dept. of Inf. & Commun., Gwangju Inst. of Sci. & Technol.
fYear
2007
fDate
10-13 April 2007
Firstpage
1160
Lastpage
1166
Abstract
The main focus of current research in trusted operating systems (TOS) is on the enhanced access control of reference monitors which, in turn, control the individual operations on a given access instance. However, many real-life runtime attacks involve behavioral semantics. We have proposed an extended reference monitor to support both access and behavior controls. This results in a sequence of operations which are also of concern in security enforcement. This paper presents a policy language for the extended reference monitor. Our policy language is based on domain and type enforcement (DTE) and role-based access control (RBAC). Permission is defined as an event and a state of behavior is represented as a fluent to be accorded with the convention of event calculus (EC). Behavior policies can be expressed with the EC style syntax as well as access control policies.
Keywords
authorisation; operating systems (computers); behavior control; behavioral semantics; domain enforcement; event calculus; extended reference monitor; policy language; role-based access control; runtime attacks; security enforcement; trusted operating systems; type enforcement; Access control; Calculus; Communication system control; Computer science; Computerized monitoring; Control systems; Operating systems; Permission; Runtime; Security;
fLanguage
English
Publisher
ieee
Conference_Titel
Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on
Conference_Location
Vienna
Print_ISBN
0-7695-2775-2
Type
conf
DOI
10.1109/ARES.2007.14
Filename
4159922