Policy Specialization to Support Domain Isolation
Author: | Stefano Paraboschi, Simone Mutti, Enrico Bacis |
---|---|
Year of publication: | 2015 |
Subject: | Web server; Computer science; Real systems; Principle of least privilege; 16. Peace & justice; computer.software_genre; Computer security; Mandatory access control; Component-based software engineering; Damages; Information system; Android (operating system); Settore ING-INF/05 - Sistemi di Elaborazione delle Informazioni; computer |
Source: | Proceedings of the 2015 Workshop on Automated Decision Making for Active Cyber Defense - SafeConfig '15; SafeConfig@CCS |
DOI: | 10.1145/2809826.2809832 |
Description: | The exponential growth of modern information systems has introduced several new challenges in the management of security requirements. Nowadays, the technological scenario has evolved and the introduction of MAC models provides a better isolation among software components and reduces the damages that the malicious or defective ones can cause to the systems. On one hand it is important to confine applications and limit the privileges that they can request. On the other hand we want to let applications benefit from the flexibility given by MAC models, such as SELinux. In this paper we show how the constructs already available in SELinux and the specialization of security domains can be leveraged to define boundaries where the applications are confined but still able to introduce sophisticated security patterns, such as application isolation and the least privilege principle. After defining the proposed model, we describe how it can be integrated into real systems through the use of examples on Android and Apache Web Server. |
Database: | OpenAIRE |
External link: |