Implementação de políticas UCON em um núcleo de sistema operacional
Resumo
O controle de uso vai além do controle de acesso tradicional e trata os aspectos relacionados à mutabilidade dos atributos e validação contínua das restrições de uso. O modelo UCONABC estabelece um ferramental formal básico para tratar as novas necessidades de segurança e sistemas de controle de uso. Como esse modelo foi apenas descrito por uma especificação formal, este trabalho o implementa na forma de uma gramática LALR(1). A gramática proposta é então utilizada para representar cenários de controle de acesso e uso comuns, demonstrando sua expressividade e utilidade. Por fim, a gramática é implementada em um mecanismo de controle de uso de arquivos no núcleo de um sistema operacional aberto.
Referências
Bell, D. and LaPadula, L. (1976). Secure computer systems: Unified exposition and Multics interpretation. Technical report, MITRE Corporation, Massachusetts, USA.
Camy, A., Westphall, C., and Righi, R. (2005). Aplicação do modelo UCONABC em sistemas de comércio eletrônico B2B. In 5th Brazilian Symposium on Information Security and Computing Systems (SBSeg). in Portuguese.
Higashiyama, M., Lung, L., Obelheiro, R., and Fraga, J. (2005). JaCoWeb-ABC: Integração do modelo de controle de acesso UCONABC no CORBASec. In 5th Brazilian Symposium on Information Security and Computing Systems (SBSeg).
Kim, J. and Thuraisingham, B. (2006). Dependable and secure TMO scheme. In IEEE Intl Symposium on Object and Component-Oriented Real-Time Distributed Computing, pages 133–140.
Lampson, B. W. (1974). Protection. SIGOPS Operating System Review, 8(1):18–24.
May, M. J. (2004). Privacy system encoded using EPAL 1.2. Technical report, University of Pennsylvania.
Park, J. and Sandhu, R. (2003). Usage control: A vision for next generation access control. In Gorodetsky, V., Popyack, L. J., and Skormin, V. A., editors, Intl Workshop on Mathematical Methods, Models, and Architectures for Computer Network Security, volume 2776 of LNCS, pages 17–31. Springer.
Park, J. and Sandhu, R. (2004). The UCONABC usage control model. ACM Transactions on Information and System Security, 7(1):128–174.
Pretschner, A., Hilty, M., and Basin, D. (2006). Distributed usage control. Communications of the ACM, 49(9):39–44.
Ryutov, T. and Neuman, C. (2000). Representation and evaluation of security policies for distributed system services. In DARPA Information Survivability Conference Exposition, Healton Head, South Carolina.
Sandhu, R., Ferraiolo, D., and Kuhn, R. (2000). The NIST model for role-based access control: towards a unified standard. In ACM workshop on Role-based access control, pages 47–63.
Syalim, A., Tabata, T., and Sakurai, K. (2006). Usage control model and architecture for data confidentiality in a database service provider. IPSJ Digital Courier, 2:621–626.
Wedde, H. F. and Lischka, M. (2004). Modular authorization and administration. ACM Transactions on Information and System Security, 7(3):363–391.
Woo, T. Y. C. and Lam, S. S. (1992). Authorization in distributed systems: a formal approach. In IEEE Symposium on Research in Security and Privacy, pages 33–51.
Woo, T. Y. C. and Lam, S. S. (1998). Designing a distributed authorization service. In IEEE INFOCOM, pages 419–429.
Zhang, X., Park, J., Parisi-Presicce, F., and Sandhu, R. (2004). A logical specification for usage control. In ACM symposium on Access control models and technologies.
Camy, A., Westphall, C., and Righi, R. (2005). Aplicação do modelo UCONABC em sistemas de comércio eletrônico B2B. In 5th Brazilian Symposium on Information Security and Computing Systems (SBSeg). in Portuguese.
Higashiyama, M., Lung, L., Obelheiro, R., and Fraga, J. (2005). JaCoWeb-ABC: Integração do modelo de controle de acesso UCONABC no CORBASec. In 5th Brazilian Symposium on Information Security and Computing Systems (SBSeg).
Kim, J. and Thuraisingham, B. (2006). Dependable and secure TMO scheme. In IEEE Intl Symposium on Object and Component-Oriented Real-Time Distributed Computing, pages 133–140.
Lampson, B. W. (1974). Protection. SIGOPS Operating System Review, 8(1):18–24.
May, M. J. (2004). Privacy system encoded using EPAL 1.2. Technical report, University of Pennsylvania.
Park, J. and Sandhu, R. (2003). Usage control: A vision for next generation access control. In Gorodetsky, V., Popyack, L. J., and Skormin, V. A., editors, Intl Workshop on Mathematical Methods, Models, and Architectures for Computer Network Security, volume 2776 of LNCS, pages 17–31. Springer.
Park, J. and Sandhu, R. (2004). The UCONABC usage control model. ACM Transactions on Information and System Security, 7(1):128–174.
Pretschner, A., Hilty, M., and Basin, D. (2006). Distributed usage control. Communications of the ACM, 49(9):39–44.
Ryutov, T. and Neuman, C. (2000). Representation and evaluation of security policies for distributed system services. In DARPA Information Survivability Conference Exposition, Healton Head, South Carolina.
Sandhu, R., Ferraiolo, D., and Kuhn, R. (2000). The NIST model for role-based access control: towards a unified standard. In ACM workshop on Role-based access control, pages 47–63.
Syalim, A., Tabata, T., and Sakurai, K. (2006). Usage control model and architecture for data confidentiality in a database service provider. IPSJ Digital Courier, 2:621–626.
Wedde, H. F. and Lischka, M. (2004). Modular authorization and administration. ACM Transactions on Information and System Security, 7(3):363–391.
Woo, T. Y. C. and Lam, S. S. (1992). Authorization in distributed systems: a formal approach. In IEEE Symposium on Research in Security and Privacy, pages 33–51.
Woo, T. Y. C. and Lam, S. S. (1998). Designing a distributed authorization service. In IEEE INFOCOM, pages 419–429.
Zhang, X., Park, J., Parisi-Presicce, F., and Sandhu, R. (2004). A logical specification for usage control. In ACM symposium on Access control models and technologies.
Publicado
27/08/2007
Como Citar
TEIGÃO, Rafael Coninck; MAZIERO, Carlos; SANTIN, Altair.
Implementação de políticas UCON em um núcleo de sistema operacional. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 7. , 2007, Rio de Janeiro.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2007
.
p. 79-92.
DOI: https://doi.org/10.5753/sbseg.2007.20919.
