Sciweavers

SP
2007
IEEE

Usable Mandatory Integrity Protection for Operating Systems

14 years 5 months ago
Usable Mandatory Integrity Protection for Operating Systems
Existing mandatory access control systems for operating systems are difficult to use. We identify several principles for designing usable access control systems and introduce the Usable Mandatory Integrity Protection (UMIP) model that adds usable mandatory access control to operating systems. The UMIP model is designed to preserve system integrity in the face of network-based attacks. The usability goals for UMIP are twofold. First, configuring a UMIP system should not be more difficult than installing and configuring an operating system. Second, existing applications and common usage practices can still be used under UMIP. UMIP has several novel features to achieve these goals. For example, it introduces several concepts for expressing partial trust in programs. Furthermore, it leverages information in the existing discretionary access control mechanism to derive file labels for mandatory integrity protection. We also discuss our implementation of the UMIP model for Linux using ...
Ninghui Li, Ziqing Mao, Hong Chen
Added 04 Jun 2010
Updated 04 Jun 2010
Type Conference
Year 2007
Where SP
Authors Ninghui Li, Ziqing Mao, Hong Chen
Comments (0)