Transforming commodity security policies to enforce Clark-Wilson integrity
D Muthukumaran, S Rueda, N Talele… - Proceedings of the 28th …, 2012 - dl.acm.org
Modern distributed systems are composed from several off-the-shelf components, including
operating systems, virtualization infrastructure, and application packages, upon which some …
operating systems, virtualization infrastructure, and application packages, upon which some …
From a Generic Framework for Expressing Integrity Properties to a Dynamic mac Enforcement for Operating Systems
P Clemente, J Rouzaud-Cornabas… - … on Computational Science …, 2010 - Springer
Protection deals with the enforcement of integrity and confidentiality. Integrity violations often
lead to confidentiality vulnerabilities. This paper proposes a novel approach of Mandatory …
lead to confidentiality vulnerabilities. This paper proposes a novel approach of Mandatory …
Analyzing Integrity Protection in the {SELinux} Example Policy
T Jaeger, R Sailer, X Zhang - 12th USENIX Security Symposium …, 2003 - usenix.org
In this paper, we present an approach for analyzing the integrity protection in the SELinux
example policy. The SELinux example policy is intended as an example from which …
example policy. The SELinux example policy is intended as an example from which …
Centralized security policy support for virtual machine
NA Quynh, R Ando, Y Takefuji - LISA, 2007 - usenix.org
For decades, researchers have pointed out that Mandatory Access Control (MAC) is an
effective method to protect computer systems from being misused. Unfortunately, MAC is still …
effective method to protect computer systems from being misused. Unfortunately, MAC is still …
[PDF][PDF] Toward Automated Information-Flow Integrity Verification for Security-Critical Applications.
We provide a largely automated system for verifying Clark-Wilson interprocess information-
flow integrity. Information-flow integrity properties are essential to isolate trusted processes …
flow integrity. Information-flow integrity properties are essential to isolate trusted processes …
A Model for Automatically Repairing Execution Integrity
Many users value applications that continue execution in the face of attacks. Current
software protection techniques typically abort a process after an intrusion attempt (eg, a …
software protection techniques typically abort a process after an intrusion attempt (eg, a …
A portable user-level approach for system-wide integrity protection
WK Sze, R Sekar - Proceedings of the 29th Annual Computer Security …, 2013 - dl.acm.org
In this paper, we develop an approach for protecting system integrity from untrusted code
that may harbor sophisticated malware. We develop a novel dual-sandboxing architecture to …
that may harbor sophisticated malware. We develop a novel dual-sandboxing architecture to …
Secguard: Secure and practical integrity protection model for operating systems
Host compromise is a serious security problem for operating systems. Most previous
solutions based on integrity protection models are difficult to use; on the other hand, usable …
solutions based on integrity protection models are difficult to use; on the other hand, usable …
Centralized security policy support for virtual machine
NA Quynh, R Ando, Y Takefuji - 20th Large Installation System …, 2006 - usenix.org
For decades, researchers have pointed out that Mandatory Access Control (MAC) is an
effective method to protect computer systems from being misused. Unfortunately, MAC is still …
effective method to protect computer systems from being misused. Unfortunately, MAC is still …
The Flask security architecture: System support for diverse security policies
Operating systems must be flexible in their support for security policies, providing sufficient
mechanisms for supporting the wide variety of real-world security policies. Such flexibility …
mechanisms for supporting the wide variety of real-world security policies. Such flexibility …