ISBN (print): 9781450393577
Desktop operating systems, including macOS, Windows 10, and Linux, are adopting the application-based security model pervasive in mobile platforms. In Linux, this transition is part of the movement towards two distribution-independent application platforms: Flatpak and Snap. This paper provides the first analysis of sandbox policies defined for Flatpak and Snap applications, covering 283 applications contained in both platforms. First, we find that 90.1% of Snaps and 58.3% of Flatpak applications studied are contained by tamperproof sandboxes. Further, we find evidence that package maintainers actively attempt to define least-privilege application policies. However, defining policy is difficult and error-prone. When studying the set of matching applications that appear in both Flatpak and Snap app stores, we frequently found policy mismatches: e.g., the Flatpak version has a broad privilege (e.g., file access) that the Snap version does not, or vice versa. This work provides confidence that Flatpak and Snap improve Linux platform security while highlighting opportunities for improvement.
ISBN (print): 9781450375689
As end-users have been asked to take on management tasks for their content and online resources, access control mechanisms have played an increasingly important role in a broad range of applications. These include data management for personalized medicine, content sharing sites, online communities, and technologies for remote collaborative work. To address the needs of these emerging user-centered domains, an increasing body of work has recognized the importance of new multi-user (or more generally, stakeholder) access control mechanisms for multiple users. The emphasis on group-centered access control has led to a shift from the traditional approach taken in the access control community for two main reasons. First, the access control community had long investigated models and techniques to facilitate single subjects' access to resources according to well-defined, locally enforceable policies, with little attention given to group-driven access control decisions. Second, the underlying goal had been to maintain confidentiality rather than facilitate controlled sharing. As such, the decisions offered by these early mechanisms are single-user driven and often binary and based on inflexible policies. Consequently, researchers have investigated and proposed a variety of multiparty access control mechanisms [5], and defined rigorous models for content management among multiple users, also developing mechanisms for various applications [1-4, 6-10]. Some tools for practical applications have also been developed. However, we have also witnessed several "failures" where promising approaches have not gained traction, either among the research community or (even less) the applied world. In this talk I will first discuss unique needs and challenges with addressing access control for multi-owned content, and provide a perspective from various applications. Next, I will summarize main successes and failures of existing approaches, identify open research challenges for future resea
ISBN (print): 9781450300490
The proceedings contain 19 papers. The topics discussed include: a model of triangulating environments for policy authoring; towards analyzing complex operating system access control configurations; monitoring security policies with metric first-order temporal logic; on the definition of role mining; mining roles with noisy data; StateMiner: an efficient similarity-based approach for optimal mining of role hierarchy; role mining based on weights; access control in practice: pain points; automated management of network access control from design to enforcement; role-based access control (RBAC) in Java via proxy objects using annotations; role updating for assignments; enforcing spatial constraints for mobile RBAC systems; capability-based delegation model in RBAC; and a card requirements language enabling privacy-preserving access control.
The proceedings contain 19 papers. The topics discussed include: integrity constraints in trust management; declaration and enforcement of fine-grained access restrictions for a service-based geospatial data infrastructure; future direction of access control models, architectures, and technologies; supporting conditional delegation in secure workflow management systems; a fine-grained, controllable, user-to-user delegation method in RBAC; relevancy based access control of versioned XML documents; provable bounds for portable and flexible privacy-preserving access rights; verifiable composition of access control and application features; adaptive trust negotiation and access control; and role mining with ORCA.
ISBN (print): 9781595930453
Securing access to data in location-based services and mobile applications requires the definition of spatially aware access-control systems. Even if some approaches have already been proposed either in the context of geographic database systems or context-aware applications, a comprehensive framework, general and flexible enough to deal with spatial aspects in real mobile applications, is still missing. In this paper, we make one step toward this direction and present GEO-RBAC, an extension of the RBAC model enhanced with spatial- and location-based information. In GEO-RBAC, spatial entities are used to model objects, user positions, and geographically bounded roles. Roles are activated based on the position of the user. Besides a physical position, obtained from a given mobile terminal or a cellular phone, users are also assigned a logical and device-independent position, representing the feature (the road, the town, the region) in which they are located. To enhance flexibility and reusability, we also introduce the concept of role schema, specifying the name of the role, as well as the type of the role's spatial boundary and the granularity of the logical position. We then extend GEO-RBAC to support hierarchies, modeling permission, user, and activation inheritance, and separation of duty constraints. The proposed classes of constraints extend the conventional ones to deal with different granularities (schema/instance level) and spatial information. We conclude the paper with an analysis of several properties concerning the resulting model.
ISBN (print): 9781595930453
We describe a model, independent of any underlying access control paradigm, for specifying authorization constraints such as separation of duty and cardinality constraints in workflow systems. We present a number of results enabling us to simplify the set of authorization constraints. These results form the theoretical foundation for an algorithm that can be used to determine whether a given constrained workflow can be satisfied: that is, does there exist an assignment of authorized users to workflow tasks that satisfies the authorization constraints? We show that this algorithm can be incorporated into a workflow reference monitor that guarantees that every workflow instance can complete. We derive the computational complexity of our algorithm and compare its performance to comparable work in the literature. Copyright 2005 ACM.
ISBN (print): 9781595930453
Electronic transactions regularly occur between business partners in separate security domains. Trust negotiation is an approach that provides an open authentication and access-control environment for such transactions, but it is vulnerable to malicious attacks leading to denial of service or leakage of sensitive information. This paper introduces an Adaptive Trust Negotiation and Access Control (ATNAC) framework to solve these problems. The framework combines two existing systems, TrustBuilder and GAA-API, to create a system with more flexibility and responsiveness to attack than either system currently provides. Copyright 2005 ACM.
ISBN (print): 9781595930453
This paper addresses the issues surrounding user-to-user delegation in RBAC. We show how delegations can be incorporated into the RBAC model in a simple and straightforward manner. A special feature of the model is that it allows fine-grained control over what rights a user wishes to delegate, as opposed to delegation at the role level, where all the rights of a role must be delegated. In addition, the model provides a rich set of controls regarding further delegations of a right, generic constraints that further control delegations, and an innovative model for revocations. Properties of both delegation and revocation are discussed, and our work is compared with other related research. Copyright 2005 ACM.