A General Mandatory Access Control Framework in Distributed Environments

In this paper, we propose a general mandatory access control framework for distributed systems. The framework can be applied to multiple operating systems and can handle multiple stakeholders. Despite considerable advances in mandatory access control, a given approach to enforcing it can only be applied to a specific operating system. Unlike the PC market, in which Windows holds the overwhelming share, the emerging smartphone environment has a number of popular operating systems, such as Android, Windows Mobile, Symbian and RIM. It should also be noted that more and more stakeholders are involved in smartphone software, such as device owners, service providers and application providers. Our framework consists of three parts: the local decision layer, the middle layer and the remote decision layer. The middle layer is responsible for managing security contexts, OS APIs, operations and policy combination. Because of the middle layer, the design of the remote decision layer does not depend on any particular operating system. We implement the framework on Windows, Linux and other popular embedded systems.




