Mutating DAC and MAC Security Policies: A Generic Metamodel Based Approach
نویسندگان
چکیده
In this paper we show how DAC and MAC security policies can be specified, implemented and validated through mutation testing using a generic approach. This work is based on a generic security framework originally designed to support RBAC and OrBAC security policies and their implementation in Java applications.
منابع مشابه
Rewrite Specifications of Access Control Policies in Distributed Environments
We define a metamodel for access control that takes into account the requirements of distributed environments, where resources and access control policies may be distributed across several sites. This distributed metamodel is an extension of the category-based metamodel proposed in previous work (from which standard centralised access control models such as MAC, DAC, RBAC, Bell-Lapadula, etc. c...
متن کاملWhat's in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources
The pervasiveness of security-critical external resources (e.g accessories, online services) poses new challenges to Android security. In prior research we revealed that given the BLUETOOTH and BLUETOOTH_ADMIN permissions, a malicious app on an authorized phone gains unfettered access to any Bluetooth device (e.g., Blood Glucose meter, etc.). Here we further show that sensitive text messages fr...
متن کاملA Multi{level Secure Object-oriented Database Model
This model presents a multi-level secure (MLS) database using object-oriented technology. The model is based on, and extends the requirements of the Department of Defense 5200.28-STD, DoD Trusted Computer System Evaluation Criteria (TCSEC) dated December 1985, commonly known as the Orange Book. Currently, there does not exist a database model in any technology which meets the requirements of th...
متن کاملExtending Java for Package based Access Control
This paper describes an extension of the Java language that provides “programmable security.” The approach augments the Java syntax with constructs for specifying various access control policies for Java packages, including DAC, MAC, RBAC and TBAC. A primitive ticket based mechanism serves as the foundation for programmable security. The implementation incorporates a preprocessor for language t...
متن کاملPULSE: a Pluggable User-space Linux Security Environment paper
The discretionary access controls (DAC) employed by traditional operating systems only provide system administrators and users with a loose ability to specify the security policies of the system. In contrast, mandatory access controls (MAC) provide a stronger, finer-grained mechanism for specifying and enforcing system security policies. A related security concept called the principle of least ...
متن کامل