Two Dimensional Labelled Security Model with Partially Trusted Subjects and Its Enforcement Using SELinux DTE Mechanism
Personal computers are often used in small office and home environment for a wide range of purposes – from general web browsing and e-mail processing to processing data that are sensitive regarding their confidentiality and/or integrity. Discretionary access control mechanism implemented in the comm...
Saved in:
| Published in | Networked Digital Technologies pp. 259 - 272 |
|---|---|
| Main Author | |
| Format | Book Chapter |
| Language | English |
| Published |
Berlin, Heidelberg
Springer Berlin Heidelberg
2010
|
| Series | Communications in Computer and Information Science |
| Subjects | |
| Online Access | Get full text |
| ISBN | 3642142915 9783642142918 |
| ISSN | 1865-0929 1865-0937 |
| DOI | 10.1007/978-3-642-14292-5_28 |
Cover
Loading…
| Abstract | Personal computers are often used in small office and home environment for a wide range of purposes – from general web browsing and e-mail processing to processing data that are sensitive regarding their confidentiality and/or integrity. Discretionary access control mechanism implemented in the common general purpose operating systems is insufficient to protect the confidentiality and/or the integrity of data against malicious or misbehaving applications running on behalf of a user authorized to access the data.
We present a security model, based on the Bell-La Padula and Biba models, that provides for both confidentiality and integrity protection, and that uses a notion of partially trusted subjects to limit the level of trust to be given to the processes that need to to pass information in the normally forbidden direction. We discuss a way to enforce the model’s policy using SELinux mechanism present in current Linux kernels. |
|---|---|
| AbstractList | Personal computers are often used in small office and home environment for a wide range of purposes – from general web browsing and e-mail processing to processing data that are sensitive regarding their confidentiality and/or integrity. Discretionary access control mechanism implemented in the common general purpose operating systems is insufficient to protect the confidentiality and/or the integrity of data against malicious or misbehaving applications running on behalf of a user authorized to access the data.
We present a security model, based on the Bell-La Padula and Biba models, that provides for both confidentiality and integrity protection, and that uses a notion of partially trusted subjects to limit the level of trust to be given to the processes that need to to pass information in the normally forbidden direction. We discuss a way to enforce the model’s policy using SELinux mechanism present in current Linux kernels. |
| Author | Janáček, Jaroslav |
| Author_xml | – sequence: 1 givenname: Jaroslav surname: Janáček fullname: Janáček, Jaroslav organization: Department of Computer Science, Faculty of Mathematics, Physics and Informatics, Comenius University, Bratislava, Slovakia |
| BookMark | eNo9kF1PwjAYhatiIiD_wIv-gWk_1m29NDCVZEQTxnXTdp0UR2fWLci_t-DHe3OSc05O3jwTMHKtMwDcYXSPEUofeJpFNEpiEuGYcBIxQbILMAs2DebZY5dgjLOERYjT9ApM_gLMRv8B4Tdg5v0OhWMZyjgbg0N5aOHC7o3ztnWygYVUpmlMBddGD53tj3DVVqaBB9tv4Zvseiub5gjLbvD9qTWondG9h9JVcBk0d3XbaRMGe7jx1r3DdV5YN3zBRZnDldFb6azf34LrWjbezH51CjZPeTl_iYrX5-X8sYg8xjSL4lgabbTGqOKUVJorWtdZVSWxqmuGSKYQM4nmBGtCuEqUiak0lGopK5RKRKeA_Oz6zy48Yzqh2vbDC4zECa0IDAUVAZY4YxQntPQbOGtrXQ |
| ContentType | Book Chapter |
| Copyright | Springer-Verlag Berlin Heidelberg 2010 |
| Copyright_xml | – notice: Springer-Verlag Berlin Heidelberg 2010 |
| DOI | 10.1007/978-3-642-14292-5_28 |
| DatabaseTitleList | |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Engineering Library & Information Science Computer Science |
| EISBN | 9783642142925 3642142923 |
| EISSN | 1865-0937 |
| Editor | Yaghob, Jakub Pichappan, Pit Zavoral, Filip El-Qawasmeh, Eyas |
| Editor_xml | – sequence: 1 givenname: Filip surname: Zavoral fullname: Zavoral, Filip email: zavoral@ksi.mff.cuni.cz – sequence: 2 givenname: Jakub surname: Yaghob fullname: Yaghob, Jakub email: yaghob@ksi.mff.cuni.cz – sequence: 3 givenname: Pit surname: Pichappan fullname: Pichappan, Pit email: pichappan@dirf.org – sequence: 4 givenname: Eyas surname: El-Qawasmeh fullname: El-Qawasmeh, Eyas email: eyasa@usa.net |
| EndPage | 272 |
| GroupedDBID | 29F ALMA_UNASSIGNED_HOLDINGS RSU |
| ID | FETCH-LOGICAL-s1138-44aececc10d932dc9b3ff8dd64bff5028b05e6c921c229b6be43ae33caad07a03 |
| ISBN | 3642142915 9783642142918 |
| ISSN | 1865-0929 |
| IngestDate | Tue Jul 29 19:48:48 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| LinkModel | OpenURL |
| MergedId | FETCHMERGED-LOGICAL-s1138-44aececc10d932dc9b3ff8dd64bff5028b05e6c921c229b6be43ae33caad07a03 |
| PageCount | 14 |
| ParticipantIDs | springer_books_10_1007_978_3_642_14292_5_28 |
| PublicationCentury | 2000 |
| PublicationDate | 2010 |
| PublicationDateYYYYMMDD | 2010-01-01 |
| PublicationDate_xml | – year: 2010 text: 2010 |
| PublicationDecade | 2010 |
| PublicationPlace | Berlin, Heidelberg |
| PublicationPlace_xml | – name: Berlin, Heidelberg |
| PublicationSeriesTitle | Communications in Computer and Information Science |
| PublicationSubtitle | Second International Conference, NDT 2010, Prague, Czech Republic, July 7-9, 2010. Proceedings, Part I |
| PublicationTitle | Networked Digital Technologies |
| PublicationYear | 2010 |
| Publisher | Springer Berlin Heidelberg |
| Publisher_xml | – name: Springer Berlin Heidelberg |
| SSID | ssj0000580895 ssj0000446660 ssib054953581 |
| Score | 1.3565315 |
| Snippet | Personal computers are often used in small office and home environment for a wide range of purposes – from general web browsing and e-mail processing to... |
| SourceID | springer |
| SourceType | Publisher |
| StartPage | 259 |
| SubjectTerms | partially trusted subjects Security model SELinux |
| Title | Two Dimensional Labelled Security Model with Partially Trusted Subjects and Its Enforcement Using SELinux DTE Mechanism |
| URI | http://link.springer.com/10.1007/978-3-642-14292-5_28 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwnV1db9MwFLW68gI8AAXE19B9QLxEQUnspMkjokHTtCEkOrS3yHYcxCidRFsG_Ap-Mvc6duqyCWm8pFUU5euc2NfX51wz9qIVWpSJ1jGX0yoWhdKxEhw3rck6yQWOfciNfPyuODgRh6f56Wj0O1Atbdbqlf51pa_kf1DFfYgruWSvgexwUtyB_xFf3CLCuP0r-N1Ns7qCS1bAjQHj7PMnWvpjmyYPhYFyaefCUxs1zsyXXhqLfeNCft_hy8U5nugr6dltcvBI0pQEhaNuhTu7bJrTtL8nwsnF4mc0J88GHbVRZ1YYYvXF-FuTz0nb5GPU6xI-1Djw3fyIZvM6OjbkOPblC-llmdWuWWXV-xH7NSecanlwWvomKcxZWOlbmLPwOcvoHyW9rL1EUEG4aqeBLos8TiqXJTHhvr54jG-IXZ3xvk_P-uWBLnUXoUIELxbT1XBs3mTlHtublvmY3XhdHx599C1UTmpcXzDO9vU0He4GmH01-TIp7VI_w42Socg_SN6XfNo-WGDmvOouLk3P26hnfpfdJicMkEUFMbjHRmY5YXc8JuAwmLBbQVHLCdt3Vhh4CQFi_uj77AKZBgHTwDMNPNPAMg2IaTAwDRzTwDMNkBOATIOAaWCZBo5pgEyDgWkP2Mnbev7mIHbLf8SrNMVuWAhpNLYwadLiIKPVleJdV7ZtIVTX5RgXIx6m0FWW6iyrVKGM4NJwrqVsk6lM-EM2Xp4vzSMGlSjlNO8UFyoTMjFVm5uW69bqALhOHrPIv-eGPuhV46t5IyoNbxCVxqLSECpPrnX0U3Zz-wk8Y-P1t43Zx0B2rZ47dv0B5CaWdA |
| linkProvider | Library Specific Holdings |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.title=Networked+Digital+Technologies&rft.au=Jan%C3%A1%C4%8Dek%2C+Jaroslav&rft.atitle=Two+Dimensional+Labelled+Security+Model+with+Partially+Trusted+Subjects+and+Its+Enforcement+Using+SELinux+DTE+Mechanism&rft.series=Communications+in+Computer+and+Information+Science&rft.date=2010-01-01&rft.pub=Springer+Berlin+Heidelberg&rft.isbn=9783642142918&rft.issn=1865-0929&rft.eissn=1865-0937&rft.spage=259&rft.epage=272&rft_id=info:doi/10.1007%2F978-3-642-14292-5_28 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=1865-0929&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=1865-0929&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=1865-0929&client=summon |