DocumentCode
1831500
Title
Techniques for Automating Policy Specification for Application-oriented Access Controls
Author
Schreuders, Z. Cliffe ; Payne, Christian ; McGill, Tanya
Author_Institution
Sch. of Inf. Technol., Murdoch Univ., Murdoch, WA, Australia
fYear
2011
fDate
22-26 Aug. 2011
Firstpage
266
Lastpage
271
Abstract
By managing the authority assigned to each application, rule-based application-oriented access controls can significantly mitigate the threats posed by malicious code due to software vulnerabilities or malware. However, these policies are typically complex and difficult to develop. Learning modes can ease specification, however, they still require high levels of expertise to utilise correctly, and are most suited to confining non-malicious software. This paper presents a novel approach to automating policy specification for rule-based application-oriented access controls. The functionality-based application confinement (FBAC) model provides reusable parameterised abstractions. A number of straightforward yet effective techniques are presented that use these functionality-based abstractions to create application policies a priori, that is, without running programs before policies are specified. These techniques automate the specification of policy details by analysing program dependencies, program management information, and file system contents.
Keywords
authorisation; formal specification; invasive software; application-oriented access control; file system content; functionality-based application confinement model; malware; policy specification; program dependency; program management information; rule-based access control; software vulnerability; Access control; Automation; Games; Libraries; Linux; Software; a priori policy specification; application-oriented access control; functionality-based application confinement; policy abstraction; policy automation; sandboxing;
fLanguage
English
Publisher
ieee
Conference_Titel
Availability, Reliability and Security (ARES), 2011 Sixth International Conference on
Conference_Location
Vienna
Print_ISBN
978-1-4577-0979-1
Electronic_ISBN
978-0-7695-4485-4
Type
conf
DOI
10.1109/ARES.2011.47
Filename
6045949
Link To Document