BTG-BIBA: A Flexibility-Enhanced Biba Model Using BTG Strategies for Operating System
Biba model can protect information integrity but might
deny various non-malicious access requests of the subjects, thereby
decreasing the availability in the system. Therefore, a mechanism that
allows exceptional access control is needed. Break the Glass (BTG)
strategies refer an efficient means for extending the access rights of
users in exceptional cases. These strategies help to prevent a system
from stagnation. An approach is presented in this work for integrating
Break the Glass strategies into the Biba model. This research proposes
a model, BTG-Biba, which provides both an original Biba model used
in normal situations and a mechanism used in emergency situations.
The proposed model is context aware, can implement a fine-grained
type of access control and primarily solves cross-domain access
problems. Finally, the flexibility and availability improvement with
the use of the proposed model is illustrated.
[1] Tu, Shan Shan and Niu, Shao Zhang and Li, Hui, ”A fine-grained
access control and revocation scheme on clouds,” J. Concurrency and
Computation: Practice and Experience, vol. 28, no. 6, pp. 2381-2395,
2016, doi: 10.1002/cpe.2956.
[2] D. Elliott Bell and Leonard J. LaPadula, et al., ”Secure Computer
Systems: Mathematical Foundations,” MITRE Technical Report
MTR-2547, Secure Computer Systems Mathematical Foundations,
vol. 1, Mar. 1973.
[3] K. Biba, ”Integrity Considerations for Secure Computer Systems,”
Technical Report MTR-3153, MITRE Corporation, Bedford, MA, Apr.
1977.
[4] Chun-Yang Yuan and Chen-Lei Deng, ”Enforcement of Clark-Wilson
Model in Combination of RBAC and TE Models,” J. the Graduate School
of the Chinese Acad, vol. 24, no. 4, pp. 538-546, Jul. 2010.
[5] Zhou L, Varadharajan V, Hitchens M, ”Trust Enhanced Cryptographic
Role-Based Access Control for Secure Cloud Data Storage,” J. Information
Forensics & Security IEEE Transactions on, vol. 10, no. 11, pp. 2381-2395,
2015, doi: 10.1109/TIFS.2015.2455952.
[6] Xu D., Kent M., Thomas L., et al. ”Automated Model-Based Testing
of Role-Based Access Control Using Predicate/Transition Nets,” J. IEEE
Transactions on Computers, vol. 64, no. 9, pp. 2490-2505, Sep. 1 2015,
doi: 10.1109/TC.2014.2375189.
[7] Bishop M., ”Computer Security: Art and Science,” Boston:
Addison Wesley, pp. 3-6, 2003.
[8] EI Hassani A. A., EI Kalam A. A., Bouhoula A., et al., ”Integrity-OrBAC:
A New Model to Preserve Critical Infrastructures Integrity,” J.
International Journal of Information Security, vol. 14, no. 4, pp. 367-385,
Aug. 2014, doi: 10.1007/s10207-014-0254-9.
[9] Garnaut P., Thompson J., ”Review of Data Integrity Models in
Multi-Level Security Environments,” Technical Report DSTO-TN-0971,
Defence Science And Technology Organisation Edinburgh Command
Control Communications And Intelligence Div, Australia, Feb. 2012.
[10] Alexander P, Pike L, Loscocco P, et al., ”Model Checking Distributed
Mandatory Access Control Policies,” J. Acm Transactions on Information
& System Security, vol. 18, no. 6, pp. 1-25, Dec. 2015, doi:
10.1145/2785966.
[11] Watson, R.N.M.Feldman, B., Migus, A. and Vance,C. Design
and implementation of the TrustedBSD MAC Framework.
Proc. the Third DARPA Information Survivability Conference
and Exhibition, Washington,DC: IEEE, pp. 38-49. Apr. 2003,
doi:10.1109/DISCEX.2003.1194871.
[12] Wright, C., Cowan, C., Morris, J., Smalley, S. and Kroah-Hartman,
G., Linux security modules: General security support for the Linux
kernel. Proc. the 11th Usenix Security Symposium, Berkeley, CA: Usenix
Association, pp. 17-31, Dec. 2002, doi: 10.1109/FITS.2003.1264934.
[13] Robert N.M. Wats on. ”A Decade of OS Access-control Extensibility.”
J. Communications of the Acm,vol. 56, no. 2, pp. 52-63, Feb. 2013,
doi:10.1145/2408776.2408792.
[14] Zhang X., Sun Y., ”Dynamic Enforcement of the Strict Integrity Policy
in Biba’s Model,” J. Jisuanji Yanjiu yu Fazhan(Comput. Res. Dev.), vol.
42, no. 5, pp. 746-754, Apr. 2005.
[15] JUN ZHANG, LI-JUN YUN, ZHENG ZHOU, ”Research of BLP and
Biba Dynamic Union Model Based on Check Domain,” Proc. the Seventh
International Conference on Machine Learning and Cybernetics, Kunming:
IEEE, pp. 3679-3683, Jul. 2008, doi:10.1109/ICMLC.2008.4621044.
[16] Mingxi Zhang, ”Strict Integrity Policy of Biba Model with Dynamic
Characteristics and Its Correctness,” Proc. International Conference
on Computational Intelligence and Security(CIS ’09), Beijing: IEEE,
pp. 521-525, Dec. 2009, doi:10.1109/CIS.2009.58.
[17] Oleshchuk V., ”Trust-enhanced Data Integrity Model,” Proc. IEEE 1st
International Symposium on Wireless Systems (IDAACS-SWS), Offenburg:
IEEE, pp. 109-112, Sep. 2012, doi:10.1109/IDAACS-SWS.2012.6377645.
[18] Liu G., Zhang J., Liu J., et al., ”Improved Biba Model Based on Trusted
Computing,” J. Security and Communication Networks, vol. 8, no. 16,
pp. 2793-2797, Apr. 2015, doi:10.1002/sec.1201.
[19] A. Ferreira, D. Chadwick, P. Farinha, R. Correia, G. Zao, R.
Chilro, and L. Antunes, ”How to Securely Break into RBAC: The
btg-rbac model,” Proc. Computer Security Applications Conference,
Annual(ACSAC), Honolulu, Hawaii: IEEE Computer Society, pp. 23-31.
Dec. 2009, doi:10.1109/ACSAC.2009.12.
[20] Rissanen E., Firozabadi S., Sergot M., ”Towards a Mechanism for
Discretionary Overriding of Access Control,” 12th International Workshop,
Bruce Christianson, Bruno Crispo, James A. Malcolm, Michael Roe,
eds., Cambridge, UK: Springer Berlin Heidelberg, pp. 312-319. 2006,
doi:10.1007/11861386 38.
[21] Achim D. Brucker, Helmut Petritsch, ”Extending Access Control Models
with Break-glass,”Proc. the 14th ACM symposium on Access Control
Models and Technologies(SACMAT’09), NY, USA: ACM New York, pp.
197-206, 2009, doi:10.1145/1542207.1542239.
[22] ”Break-glass: An Approach to Granting Emergency Access to
Healthcare Systems,” White paper, Joint NEMA/COCIR/JIRA Security and
Privacy Committee(SPC), 2004.
[23] Anderson R., Stajano F., Lee J.H., ”Security Policies,” J. Advances in
Computers, vol. 2, no. 4, pp. 185-235, 2002.
[24] Helmut Petritsch, Handling Exceptional Situations in Access
Control, Springer Fachmedien Wiesbaden, pp. 37-50, Sep. 2014,
doi:10.1007/978-3-658-07365-7 3.
[25] Georgakakis, E., Nikolidakis, S.A., Vergados, D.D., and Douligeris, C.,
”Spatio Temporal Emergency Role Based Access Control (STEM-RBAC):
A time and location aware role based access control model
with a break the glass mechanism,” proc.IEEE Symposium on
Computers and Communications (ISCC), pp. 764-770, Jul. 2011,
doi:10.1109/ISCC.2011.5983932.
[1] Tu, Shan Shan and Niu, Shao Zhang and Li, Hui, ”A fine-grained
access control and revocation scheme on clouds,” J. Concurrency and
Computation: Practice and Experience, vol. 28, no. 6, pp. 2381-2395,
2016, doi: 10.1002/cpe.2956.
[2] D. Elliott Bell and Leonard J. LaPadula, et al., ”Secure Computer
Systems: Mathematical Foundations,” MITRE Technical Report
MTR-2547, Secure Computer Systems Mathematical Foundations,
vol. 1, Mar. 1973.
[3] K. Biba, ”Integrity Considerations for Secure Computer Systems,”
Technical Report MTR-3153, MITRE Corporation, Bedford, MA, Apr.
1977.
[4] Chun-Yang Yuan and Chen-Lei Deng, ”Enforcement of Clark-Wilson
Model in Combination of RBAC and TE Models,” J. the Graduate School
of the Chinese Acad, vol. 24, no. 4, pp. 538-546, Jul. 2010.
[5] Zhou L, Varadharajan V, Hitchens M, ”Trust Enhanced Cryptographic
Role-Based Access Control for Secure Cloud Data Storage,” J. Information
Forensics & Security IEEE Transactions on, vol. 10, no. 11, pp. 2381-2395,
2015, doi: 10.1109/TIFS.2015.2455952.
[6] Xu D., Kent M., Thomas L., et al. ”Automated Model-Based Testing
of Role-Based Access Control Using Predicate/Transition Nets,” J. IEEE
Transactions on Computers, vol. 64, no. 9, pp. 2490-2505, Sep. 1 2015,
doi: 10.1109/TC.2014.2375189.
[7] Bishop M., ”Computer Security: Art and Science,” Boston:
Addison Wesley, pp. 3-6, 2003.
[8] EI Hassani A. A., EI Kalam A. A., Bouhoula A., et al., ”Integrity-OrBAC:
A New Model to Preserve Critical Infrastructures Integrity,” J.
International Journal of Information Security, vol. 14, no. 4, pp. 367-385,
Aug. 2014, doi: 10.1007/s10207-014-0254-9.
[9] Garnaut P., Thompson J., ”Review of Data Integrity Models in
Multi-Level Security Environments,” Technical Report DSTO-TN-0971,
Defence Science And Technology Organisation Edinburgh Command
Control Communications And Intelligence Div, Australia, Feb. 2012.
[10] Alexander P, Pike L, Loscocco P, et al., ”Model Checking Distributed
Mandatory Access Control Policies,” J. Acm Transactions on Information
& System Security, vol. 18, no. 6, pp. 1-25, Dec. 2015, doi:
10.1145/2785966.
[11] Watson, R.N.M.Feldman, B., Migus, A. and Vance,C. Design
and implementation of the TrustedBSD MAC Framework.
Proc. the Third DARPA Information Survivability Conference
and Exhibition, Washington,DC: IEEE, pp. 38-49. Apr. 2003,
doi:10.1109/DISCEX.2003.1194871.
[12] Wright, C., Cowan, C., Morris, J., Smalley, S. and Kroah-Hartman,
G., Linux security modules: General security support for the Linux
kernel. Proc. the 11th Usenix Security Symposium, Berkeley, CA: Usenix
Association, pp. 17-31, Dec. 2002, doi: 10.1109/FITS.2003.1264934.
[13] Robert N.M. Wats on. ”A Decade of OS Access-control Extensibility.”
J. Communications of the Acm,vol. 56, no. 2, pp. 52-63, Feb. 2013,
doi:10.1145/2408776.2408792.
[14] Zhang X., Sun Y., ”Dynamic Enforcement of the Strict Integrity Policy
in Biba’s Model,” J. Jisuanji Yanjiu yu Fazhan(Comput. Res. Dev.), vol.
42, no. 5, pp. 746-754, Apr. 2005.
[15] JUN ZHANG, LI-JUN YUN, ZHENG ZHOU, ”Research of BLP and
Biba Dynamic Union Model Based on Check Domain,” Proc. the Seventh
International Conference on Machine Learning and Cybernetics, Kunming:
IEEE, pp. 3679-3683, Jul. 2008, doi:10.1109/ICMLC.2008.4621044.
[16] Mingxi Zhang, ”Strict Integrity Policy of Biba Model with Dynamic
Characteristics and Its Correctness,” Proc. International Conference
on Computational Intelligence and Security(CIS ’09), Beijing: IEEE,
pp. 521-525, Dec. 2009, doi:10.1109/CIS.2009.58.
[17] Oleshchuk V., ”Trust-enhanced Data Integrity Model,” Proc. IEEE 1st
International Symposium on Wireless Systems (IDAACS-SWS), Offenburg:
IEEE, pp. 109-112, Sep. 2012, doi:10.1109/IDAACS-SWS.2012.6377645.
[18] Liu G., Zhang J., Liu J., et al., ”Improved Biba Model Based on Trusted
Computing,” J. Security and Communication Networks, vol. 8, no. 16,
pp. 2793-2797, Apr. 2015, doi:10.1002/sec.1201.
[19] A. Ferreira, D. Chadwick, P. Farinha, R. Correia, G. Zao, R.
Chilro, and L. Antunes, ”How to Securely Break into RBAC: The
btg-rbac model,” Proc. Computer Security Applications Conference,
Annual(ACSAC), Honolulu, Hawaii: IEEE Computer Society, pp. 23-31.
Dec. 2009, doi:10.1109/ACSAC.2009.12.
[20] Rissanen E., Firozabadi S., Sergot M., ”Towards a Mechanism for
Discretionary Overriding of Access Control,” 12th International Workshop,
Bruce Christianson, Bruno Crispo, James A. Malcolm, Michael Roe,
eds., Cambridge, UK: Springer Berlin Heidelberg, pp. 312-319. 2006,
doi:10.1007/11861386 38.
[21] Achim D. Brucker, Helmut Petritsch, ”Extending Access Control Models
with Break-glass,”Proc. the 14th ACM symposium on Access Control
Models and Technologies(SACMAT’09), NY, USA: ACM New York, pp.
197-206, 2009, doi:10.1145/1542207.1542239.
[22] ”Break-glass: An Approach to Granting Emergency Access to
Healthcare Systems,” White paper, Joint NEMA/COCIR/JIRA Security and
Privacy Committee(SPC), 2004.
[23] Anderson R., Stajano F., Lee J.H., ”Security Policies,” J. Advances in
Computers, vol. 2, no. 4, pp. 185-235, 2002.
[24] Helmut Petritsch, Handling Exceptional Situations in Access
Control, Springer Fachmedien Wiesbaden, pp. 37-50, Sep. 2014,
doi:10.1007/978-3-658-07365-7 3.
[25] Georgakakis, E., Nikolidakis, S.A., Vergados, D.D., and Douligeris, C.,
”Spatio Temporal Emergency Role Based Access Control (STEM-RBAC):
A time and location aware role based access control model
with a break the glass mechanism,” proc.IEEE Symposium on
Computers and Communications (ISCC), pp. 764-770, Jul. 2011,
doi:10.1109/ISCC.2011.5983932.
@article{"International Journal of Information, Control and Computer Sciences:75791", author = "Gang Liu and Can Wang and Runnan Zhang and Quan Wang and Huimin Song and Shaomin Ji", title = "BTG-BIBA: A Flexibility-Enhanced Biba Model Using BTG Strategies for Operating System", abstract = "Biba model can protect information integrity but might
deny various non-malicious access requests of the subjects, thereby
decreasing the availability in the system. Therefore, a mechanism that
allows exceptional access control is needed. Break the Glass (BTG)
strategies refer an efficient means for extending the access rights of
users in exceptional cases. These strategies help to prevent a system
from stagnation. An approach is presented in this work for integrating
Break the Glass strategies into the Biba model. This research proposes
a model, BTG-Biba, which provides both an original Biba model used
in normal situations and a mechanism used in emergency situations.
The proposed model is context aware, can implement a fine-grained
type of access control and primarily solves cross-domain access
problems. Finally, the flexibility and availability improvement with
the use of the proposed model is illustrated.", keywords = "Biba model, break the glass, context, cross-domain,
fine-grained.", volume = "11", number = "6", pages = "765-7", }
