Serveur d'exploration sur l'opéra

Attention, ce site est en cours de développement !
Attention, site généré par des moyens informatiques à partir de corpus bruts.
Les informations ne sont donc pas validées.

Reusability of Functionality-Based Application Confinement Policy Abstractions

Identifieur interne : 000487 ( Istex/Curation ); précédent : 000486; suivant : 000488

Reusability of Functionality-Based Application Confinement Policy Abstractions

Auteurs : Cliffe Schreuders [Australie] ; Christian Payne [Australie]

Source :

RBID : ISTEX:503590810F7C5026FEB103D1B693C994C15E6AE9

Abstract

Abstract: Traditional access control models and mechanisms struggle to contain the threats posed by malware and software vulnerabilities as these cannot differentiate between processes acting on behalf of users and those posing threats to users’ security as every process executes with the full set of the user’s privileges. Existing application confinement schemes attempt to address this by limiting the actions of particular processes. However, the management of these mechanisms requires security-specific expertise which users and administrators often do not possess. Further, these models do not scale well to confine the large number of applications found on functionality-rich contemporary systems. This paper describes how the principles of role-based access control (RBAC) can be applied to the problem of restricting an application’s behaviour. This approach provides a more flexible, scalable and easier to manage confinement paradigm that requires far less in terms of user expertise than existing schemes. Known as functionality-based application confinement (FBAC), this model significantly mitigates the usability limitations of existing approaches. We present a case study of a Linux-based implementation of FBAC known as FBAC-LSM and demonstrate the flexibility and scalability of the FBAC model by analysing policies for the confinement of four different web browsers.

Url:
DOI: 10.1007/978-3-540-88625-9_14

Links toward previous steps (curation, corpus...)


Links to Exploration step

ISTEX:503590810F7C5026FEB103D1B693C994C15E6AE9

Le document en format XML

<record>
<TEI wicri:istexFullTextTei="biblStruct">
<teiHeader>
<fileDesc>
<titleStmt>
<title xml:lang="en">Reusability of Functionality-Based Application Confinement Policy Abstractions</title>
<author>
<name sortKey="Schreuders, Cliffe" sort="Schreuders, Cliffe" uniqKey="Schreuders C" first="Cliffe" last="Schreuders">Cliffe Schreuders</name>
<affiliation wicri:level="1">
<mods:affiliation>School of IT, Murdoch University, South Street, WA 6150, Murdoch, Australia</mods:affiliation>
<country xml:lang="fr">Australie</country>
<wicri:regionArea>School of IT, Murdoch University, South Street, WA 6150, Murdoch</wicri:regionArea>
</affiliation>
<affiliation wicri:level="1">
<mods:affiliation>E-mail: c.schreuders@murdoch.edu.au</mods:affiliation>
<country wicri:rule="url">Australie</country>
</affiliation>
</author>
<author>
<name sortKey="Payne, Christian" sort="Payne, Christian" uniqKey="Payne C" first="Christian" last="Payne">Christian Payne</name>
<affiliation wicri:level="1">
<mods:affiliation>School of IT, Murdoch University, South Street, WA 6150, Murdoch, Australia</mods:affiliation>
<country xml:lang="fr">Australie</country>
<wicri:regionArea>School of IT, Murdoch University, South Street, WA 6150, Murdoch</wicri:regionArea>
</affiliation>
<affiliation wicri:level="1">
<mods:affiliation>E-mail: c.payne@murdoch.edu.au</mods:affiliation>
<country wicri:rule="url">Australie</country>
</affiliation>
</author>
</titleStmt>
<publicationStmt>
<idno type="wicri:source">ISTEX</idno>
<idno type="RBID">ISTEX:503590810F7C5026FEB103D1B693C994C15E6AE9</idno>
<date when="2008" year="2008">2008</date>
<idno type="doi">10.1007/978-3-540-88625-9_14</idno>
<idno type="url">https://api.istex.fr/document/503590810F7C5026FEB103D1B693C994C15E6AE9/fulltext/pdf</idno>
<idno type="wicri:Area/Istex/Corpus">000487</idno>
<idno type="wicri:Area/Istex/Curation">000487</idno>
</publicationStmt>
<sourceDesc>
<biblStruct>
<analytic>
<title level="a" type="main" xml:lang="en">Reusability of Functionality-Based Application Confinement Policy Abstractions</title>
<author>
<name sortKey="Schreuders, Cliffe" sort="Schreuders, Cliffe" uniqKey="Schreuders C" first="Cliffe" last="Schreuders">Cliffe Schreuders</name>
<affiliation wicri:level="1">
<mods:affiliation>School of IT, Murdoch University, South Street, WA 6150, Murdoch, Australia</mods:affiliation>
<country xml:lang="fr">Australie</country>
<wicri:regionArea>School of IT, Murdoch University, South Street, WA 6150, Murdoch</wicri:regionArea>
</affiliation>
<affiliation wicri:level="1">
<mods:affiliation>E-mail: c.schreuders@murdoch.edu.au</mods:affiliation>
<country wicri:rule="url">Australie</country>
</affiliation>
</author>
<author>
<name sortKey="Payne, Christian" sort="Payne, Christian" uniqKey="Payne C" first="Christian" last="Payne">Christian Payne</name>
<affiliation wicri:level="1">
<mods:affiliation>School of IT, Murdoch University, South Street, WA 6150, Murdoch, Australia</mods:affiliation>
<country xml:lang="fr">Australie</country>
<wicri:regionArea>School of IT, Murdoch University, South Street, WA 6150, Murdoch</wicri:regionArea>
</affiliation>
<affiliation wicri:level="1">
<mods:affiliation>E-mail: c.payne@murdoch.edu.au</mods:affiliation>
<country wicri:rule="url">Australie</country>
</affiliation>
</author>
</analytic>
<monogr></monogr>
<series>
<title level="s">Lecture Notes in Computer Science</title>
<imprint>
<date>2008</date>
</imprint>
<idno type="ISSN">0302-9743</idno>
<idno type="eISSN">1611-3349</idno>
<idno type="ISSN">0302-9743</idno>
</series>
<idno type="istex">503590810F7C5026FEB103D1B693C994C15E6AE9</idno>
<idno type="DOI">10.1007/978-3-540-88625-9_14</idno>
<idno type="ChapterID">Chap14</idno>
<idno type="ChapterID">14</idno>
</biblStruct>
</sourceDesc>
<seriesStmt>
<idno type="ISSN">0302-9743</idno>
</seriesStmt>
</fileDesc>
<profileDesc>
<textClass></textClass>
<langUsage>
<language ident="en">en</language>
</langUsage>
</profileDesc>
</teiHeader>
<front>
<div type="abstract" xml:lang="en">Abstract: Traditional access control models and mechanisms struggle to contain the threats posed by malware and software vulnerabilities as these cannot differentiate between processes acting on behalf of users and those posing threats to users’ security as every process executes with the full set of the user’s privileges. Existing application confinement schemes attempt to address this by limiting the actions of particular processes. However, the management of these mechanisms requires security-specific expertise which users and administrators often do not possess. Further, these models do not scale well to confine the large number of applications found on functionality-rich contemporary systems. This paper describes how the principles of role-based access control (RBAC) can be applied to the problem of restricting an application’s behaviour. This approach provides a more flexible, scalable and easier to manage confinement paradigm that requires far less in terms of user expertise than existing schemes. Known as functionality-based application confinement (FBAC), this model significantly mitigates the usability limitations of existing approaches. We present a case study of a Linux-based implementation of FBAC known as FBAC-LSM and demonstrate the flexibility and scalability of the FBAC model by analysing policies for the confinement of four different web browsers.</div>
</front>
</TEI>
</record>

Pour manipuler ce document sous Unix (Dilib)

EXPLOR_STEP=$WICRI_ROOT/Wicri/Musique/explor/OperaV1/Data/Istex/Curation
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 000487 | SxmlIndent | more

Ou

HfdSelect -h $EXPLOR_AREA/Data/Istex/Curation/biblio.hfd -nk 000487 | SxmlIndent | more

Pour mettre un lien sur cette page dans le réseau Wicri

{{Explor lien
   |wiki=    Wicri/Musique
   |area=    OperaV1
   |flux=    Istex
   |étape=   Curation
   |type=    RBID
   |clé=     ISTEX:503590810F7C5026FEB103D1B693C994C15E6AE9
   |texte=   Reusability of Functionality-Based Application Confinement Policy Abstractions
}}

Wicri

This area was generated with Dilib version V0.6.21.
Data generation: Thu Apr 14 14:59:05 2016. Site generation: Thu Oct 8 06:48:41 2020