A Linux-Based Approach to Low-Cost Support of Access Control Policies

Abstract

It is vital to our country's political and economic future to adequately protect corporate and government information from unauthorized disclosure and modification. Unfortunately, the current state of computer security is weak, especially when novice adversaries can perform successful infiltrations of sensitive systems. Systems that enforce Mandatory Access Control (MAC) policies are known to reduce some known security weaknesses, but such systems have seen limited use within the United States Government, and they are rarely applied in the private sector. Some of this limited use is caused by a lack of exposure to systems able to enforce MAC policies. This thesis presents an inexpensive approach to providing a system supporting MAC policies, allowing users an opportunity to have hands-on experience with such a system. A detailed design for modifying the Linux operating system is given, allowing for the flexible and simultaneous support of multiple policies. In particular, a design and detailed specification for the implementation of label-based interfaces for the mandatory portions of the Bell and LaPadula secrecy model and the Biba integrity model have been developed. Implementation of portions of this design has demonstrated the feasibility of this approach to label-based interfaces. This design has potential for widespread use in computer security education, as well as broad application as a component in the ongoing Department of Defense research of trusted computer system interfaces.

Document Details

Document Type: Technical Report
Publication Date: Sep 01, 1999
Accession Number: ADA370814

Entities

People

  • Paul C. Clark

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • C4I
  • Cyber
  • Energy and Power Technologies
  • Human Systems

DTIC Thesaurus Topics

  • Air Force
  • Computer Access Control
  • Computer Programs
  • Computer Science
  • Computers
  • Cybersecurity
  • Department Of Defense
  • Education
  • Governments
  • Mainframe Computers
  • Operating Systems
  • Security
  • Standards
  • Students
  • United States
  • United States Government
  • User Interface

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Parallel and Distributed Computing
  • Strategic Security Studies

Technology Areas

  • Cyber