中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 软件所图书馆  > 会议论文
Title:
Quantitatively Measure Access Control Mechanisms Across Different Operating Systems
Author: Cheng, Liang ; Zhang, Yang ; Han, Zhihui
Conference Name: 7th IEEE International Conference on Software Security and Reliability (SERE)
Conference Date: JUN 18-20, 2013
Issued Date: 2013
Conference Place: Gaithersburg, MD
Keyword: Security Measurement ; Vulnerability Profile ; Operating System ; Logic Programming
Publish Place: IEEE
Indexed Type: CPCI
ISBN: 978-0-7695-5021-3; 978-1-4799-0406-8
Department: [Cheng, Liang; Zhang, Yang; Han, Zhihui] Chinese Acad Sci, Inst Software, Beijing, Peoples R China.
Abstract: Access control mechanisms (ACM) play a critical role in protecting operating systems from malicious attacks. A variety of ACMs have been proposed till date, including discretionary access control (DAC) and mandatory access control (MAC). However, it is often challenging to evaluate and compare the quality of protection (QoP) of ACMs, especially when they are deployed on different platforms. In this paper, we propose an approach to quantitatively measure and compare the quality of ACMs. We introduce the notion of vulnerability profiles to capture the weakness of ACMs in protecting against attacks, and the notion of vulnerability coefficients as a numeric and platform-independent measurement of the protection quality of ACMs. Based on these two notions, our approach applies the Grey System Theory and an independent vulnerability scoring system to infer complete vulnerability profiles and to calculate fair and objective vulnerability coefficients for ACMs. To our knowledge, our approach is the first attempt for quantitative measurement and comparison of ACMs across different operating systems. Based on our approach, we implement a prototype tool called ACVAL that leverages logic programming to characterize, evaluate, and compare access control mechanisms. We apply ACVAL to three mainstream ACMs, and results that ACVAL is effective in evaluating access control mechanisms across different operating systems, a feature particularly useful to administrators of heterogenous IT systems.
English Abstract: Access control mechanisms (ACM) play a critical role in protecting operating systems from malicious attacks. A variety of ACMs have been proposed till date, including discretionary access control (DAC) and mandatory access control (MAC). However, it is often challenging to evaluate and compare the quality of protection (QoP) of ACMs, especially when they are deployed on different platforms. In this paper, we propose an approach to quantitatively measure and compare the quality of ACMs. We introduce the notion of vulnerability profiles to capture the weakness of ACMs in protecting against attacks, and the notion of vulnerability coefficients as a numeric and platform-independent measurement of the protection quality of ACMs. Based on these two notions, our approach applies the Grey System Theory and an independent vulnerability scoring system to infer complete vulnerability profiles and to calculate fair and objective vulnerability coefficients for ACMs. To our knowledge, our approach is the first attempt for quantitative measurement and comparison of ACMs across different operating systems. Based on our approach, we implement a prototype tool called ACVAL that leverages logic programming to characterize, evaluate, and compare access control mechanisms. We apply ACVAL to three mainstream ACMs, and results that ACVAL is effective in evaluating access control mechanisms across different operating systems, a feature particularly useful to administrators of heterogenous IT systems.
Language: 英语
Content Type: 会议论文
URI: http://ir.iscas.ac.cn/handle/311060/16550
Appears in Collections:软件所图书馆_会议论文

Files in This Item:

There are no files associated with this item.


Recommended Citation:
Cheng, Liang,Zhang, Yang,Han, Zhihui. Quantitatively Measure Access Control Mechanisms Across Different Operating Systems[C]. 见:7th IEEE International Conference on Software Security and Reliability (SERE). Gaithersburg, MD. JUN 18-20, 2013.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[Cheng, Liang]'s Articles
[Zhang, Yang]'s Articles
[Han, Zhihui]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[Cheng, Liang]‘s Articles
[Zhang, Yang]‘s Articles
[Han, Zhihui]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2019  中国科学院软件研究所 - Feedback
Powered by CSpace