Sciweavers

SACMAT
2009
ACM

Trojan horse resistant discretionary access control

14 years 7 months ago
Trojan horse resistant discretionary access control
Modern operating systems primarily use Discretionary Access Control (DAC) to protect files and other operating system resources. DAC mechanisms are more user-friendly than Mandatory Access Control (MAC) systems, but are vulnerable to trojan horse attacks and attacks exploiting buggy software. We show that it is possible to have the best of both worlds: DAC’s easy-to-use discretionary policy specification and MAC’s defense against trojan horses and buggy programs. This is made possible by a key new insight that DAC has this weakness not because it uses the discretionary principle, but because existing DAC enforcement mechanisms assume that a single principal is responsible for any request, whereas in reality a request may be influenced by multiple principals; thus these mechanisms cannot correctly identify the true origin(s) of a request and fall prey to trojan horses. We propose to solve this problem by combining DAC’s policy specification with new enforcement techniques tha...
Ziqing Mao, Ninghui Li, Hong Chen, Xuxian Jiang
Added 28 May 2010
Updated 28 May 2010
Type Conference
Year 2009
Where SACMAT
Authors Ziqing Mao, Ninghui Li, Hong Chen, Xuxian Jiang
Comments (0)