
A formal model for integrity protection based on DTE technique

Ji Qingguang, Qing Sihan (1) and He Yeping (2)

(1)  Engineering Research Center for Information Security Technology, Institute of Software, Chinese Academy of Sciences, Beijing, 100080, China
(2)  Infrastructure Software Engineering Center, Institute of Software, Chinese Academy of Sciences, Beijing, 100080, China

Received: 7 February 2006  Accepted: 7 April 2006  

Abstract  In order to provide integrity protection for a secure operating system that satisfies the requirements of the structured protection class, a formal integrity protection model based on the DTE technique is proposed after the implications and structure of the integrity policy have been analyzed in detail. The model consists of a set of basic rules for configuring DTE and a state transition model; the former guides how domains and types are set, and the latter describes how the security invariants obtained from the initial configuration are maintained as the system transitions between states. Ten invariants are introduced in this model; in particular, some new invariants dealing with information flow are proposed, and their relations with the corresponding invariants described in the literature are discussed. Thirteen transition rules with well-formed atomicity are presented in an operational manner. The basic security theorems corresponding to these invariants and transition rules are proved. The rationale for proposing the invariants is further explained by analyzing the differences between this model and those described in the literature. Finally, future work is outlined; in particular, it is pointed out that this model can be used to analyze the security of SE-Linux.

Keywords  formal model - integrity policy - information flow - domain - type


Contact Information Ji Qingguang
Email: qgji@ercist.iscas.ac.cn



Referenced by (1 newer article)

1. Qing SiHan (2007) Design of secure operating systems with high security levels. Science in China Series F: Information Sciences 50(3)