ISCAS OpenIR
Quantitatively Measure Access Control Mechanisms Across Different Operating Systems
Cheng, Liang; Zhang, Yang; Han, Zhihui
2013
会议名称7th IEEE International Conference on Software Security and Reliability (SERE)
页码50-59
会议日期JUN 18-20, 2013
会议地点Gaithersburg, MD
收录类别CPCI
出版地IEEE
ISBN978-0-7695-5021-3; 978-1-4799-0406-8
部门归属[Cheng, Liang; Zhang, Yang; Han, Zhihui] Chinese Acad Sci, Inst Software, Beijing, Peoples R China.
摘要Access control mechanisms (ACM) play a critical role in protecting operating systems from malicious attacks. A variety of ACMs have been proposed till date, including discretionary access control (DAC) and mandatory access control (MAC). However, it is often challenging to evaluate and compare the quality of protection (QoP) of ACMs, especially when they are deployed on different platforms. In this paper, we propose an approach to quantitatively measure and compare the quality of ACMs. We introduce the notion of vulnerability profiles to capture the weakness of ACMs in protecting against attacks, and the notion of vulnerability coefficients as a numeric and platform-independent measurement of the protection quality of ACMs. Based on these two notions, our approach applies the Grey System Theory and an independent vulnerability scoring system to infer complete vulnerability profiles and to calculate fair and objective vulnerability coefficients for ACMs. To our knowledge, our approach is the first attempt for quantitative measurement and comparison of ACMs across different operating systems. Based on our approach, we implement a prototype tool called ACVAL that leverages logic programming to characterize, evaluate, and compare access control mechanisms. We apply ACVAL to three mainstream ACMs, and results that ACVAL is effective in evaluating access control mechanisms across different operating systems, a feature particularly useful to administrators of heterogenous IT systems.; Access control mechanisms (ACM) play a critical role in protecting operating systems from malicious attacks. A variety of ACMs have been proposed till date, including discretionary access control (DAC) and mandatory access control (MAC). However, it is often challenging to evaluate and compare the quality of protection (QoP) of ACMs, especially when they are deployed on different platforms. In this paper, we propose an approach to quantitatively measure and compare the quality of ACMs. We introduce the notion of vulnerability profiles to capture the weakness of ACMs in protecting against attacks, and the notion of vulnerability coefficients as a numeric and platform-independent measurement of the protection quality of ACMs. Based on these two notions, our approach applies the Grey System Theory and an independent vulnerability scoring system to infer complete vulnerability profiles and to calculate fair and objective vulnerability coefficients for ACMs. To our knowledge, our approach is the first attempt for quantitative measurement and comparison of ACMs across different operating systems. Based on our approach, we implement a prototype tool called ACVAL that leverages logic programming to characterize, evaluate, and compare access control mechanisms. We apply ACVAL to three mainstream ACMs, and results that ACVAL is effective in evaluating access control mechanisms across different operating systems, a feature particularly useful to administrators of heterogenous IT systems.
关键词Security Measurement Vulnerability Profile Operating System Logic Programming
语种英语
内容类型会议论文
URI标识http://ir.iscas.ac.cn/handle/311060/16550
专题中国科学院软件研究所
推荐引用方式
GB/T 7714
Cheng, Liang,Zhang, Yang,Han, Zhihui. Quantitatively Measure Access Control Mechanisms Across Different Operating Systems[C]. IEEE,2013:50-59.
条目包含的文件
条目无相关文件。
个性服务
推荐该条目
保存到收藏夹
查看访问统计
导出为Endnote文件
谷歌学术
谷歌学术中相似的文章
[Cheng, Liang]的文章
[Zhang, Yang]的文章
[Han, Zhihui]的文章
百度学术
百度学术中相似的文章
[Cheng, Liang]的文章
[Zhang, Yang]的文章
[Han, Zhihui]的文章
必应学术
必应学术中相似的文章
[Cheng, Liang]的文章
[Zhang, Yang]的文章
[Han, Zhihui]的文章
相关权益政策
暂无数据
收藏/分享
所有评论 (0)
暂无评论
 

除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。