Supporting access control policies across multiple operating systems

Lawrence Teo, Gail Joon Ahn

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Scopus citations

Abstract

The evaluation of computer systems has been an important issue for many years, as evidenced by the introduction of industry evaluation guides such as the Rainbow Books and the more recent Common Criteria for IT Security Evaluation. As organizations depend on the Internet for their daily operations, the need for evaluation is even more apparent due to new security risks. It is not uncommon for large organizations to evaluate different systems, such as operating systems, to identify which would best fit their security policy. Each system would undoubtedly use different methods to represent access control policies. The security policy would therefore need to be translated into specific access control policies that each system understands, which is challenging when large and complex systems are involved. In this paper, we focus on the evaluation of operating systems. We describe Chameleos, a policy specification language that is designed to specify the access control policies of multiple operating systems. The strength of Chameleos is its flexibility to cater to many operating systems, while remaining sufficiently extensible to support the specific features of each system. We describe the design and architecture of Chameleos, and demonstrate that Chameleos can flexibly and effectively represent the access control policies of grsecurity and SELinux - two very different systems.

Original languageEnglish (US)
Title of host publicationProceedings of the 43rd Annual Association for Computing Machinery Southeast Conference, ACMSE '05
Pages2288-2293
Number of pages6
DOIs
StatePublished - 2005
Externally publishedYes
Event43rd Annual Association for Computing Machinery Southeast Conference, ACMSE '05 - Kennesaw, GA, United States
Duration: Mar 18 2005Mar 20 2005

Publication series

NameProceedings of the Annual Southeast Conference
Volume2

Other

Other43rd Annual Association for Computing Machinery Southeast Conference, ACMSE '05
Country/TerritoryUnited States
CityKennesaw, GA
Period3/18/053/20/05

Keywords

  • Access control
  • Chameleos
  • Extensibility
  • Flexibility
  • Operating systems
  • Policy specification

ASJC Scopus subject areas

  • General Computer Science

Fingerprint

Dive into the research topics of 'Supporting access control policies across multiple operating systems'. Together they form a unique fingerprint.

Cite this