TY - GEN
T1 - Supporting access control policies across multiple operating systems
AU - Teo, Lawrence
AU - Ahn, Gail Joon
PY - 2005
Y1 - 2005
N2 - The evaluation of computer systems has been an important issue for many years, as evidenced by the introduction of industry evaluation guides such as the Rainbow Books and the more recent Common Criteria for IT Security Evaluation. As organizations depend on the Internet for their daily operations, the need for evaluation is even more apparent due to new security risks. It is not uncommon for large organizations to evaluate different systems, such as operating systems, to identify which would best fit their security policy. Each system would undoubtedly use different methods to represent access control policies. The security policy would therefore need to be translated into specific access control policies that each system understands, which is challenging when large and complex systems are involved. In this paper, we focus on the evaluation of operating systems. We describe Chameleos, a policy specification language that is designed to specify the access control policies of multiple operating systems. The strength of Chameleos is its flexibility to cater to many operating systems, while remaining sufficiently extensible to support the specific features of each system. We describe the design and architecture of Chameleos, and demonstrate that Chameleos can flexibly and effectively represent the access control policies of grsecurity and SELinux - two very different systems.
KW - Access control
KW - Chameleos
KW - Extensibility
KW - Flexibility
KW - Operating systems
KW - Policy specification
UR - http://www.scopus.com/inward/record.url?scp=34748827641&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=34748827641&partnerID=8YFLogxK
U2 - 10.1145/1167253.1167317
DO - 10.1145/1167253.1167317
M3 - Conference contribution
AN - SCOPUS:34748827641
SN - 1595930590
SN - 9781595930590
T3 - Proceedings of the Annual Southeast Conference
SP - 2288
EP - 2293
BT - Proceedings of the 43rd Annual Association for Computing Machinery Southeast Conference, ACMSE '05
T2 - 43rd Annual Association for Computing Machinery Southeast Conference, ACMSE '05
Y2 - 18 March 2005 through 20 March 2005
ER -