A Dynamic End-to-End Security for Coordinating Multiple Protections within a Linux Desktop

Index Terms-end-to-end security, multi-domains, protection mechanisms, coordination, Linux. Abstract-Currently, application protection models are mostly static and independent. It means that the applications cannot handle multiple domains to manage accordingly the permissions for a given user request. Managing multiple domains is becoming a more and more common issue as desktop applications are growing in complexity to provide better-designed user interfaces. Today, protection systems are almost everywhere. Multiple systems of protection are available from the Linux kernel such as SELinux or PIGA-Protect to get a Mandatory Protection. Those systems provide a per-syscall validation process. Network protections are also available such as the IPtables firewalling mechanism. Protections for languages or frameworks also exist such as for Java or .NET. But, solutions are missing for coordinating the various mechanisms that protect different levels of the global information system. The purpose is to reuse and coordinate efficiently those different levels of protection in order to provide a end-to-end protection that manages dynamically multiple domains. Thus, the same host can support multiple domains for the user requests while providing a transparent endto-end security that protects against complex scenarios of attack. This paper describes an attempt to deliver such a system for controlling efficiently the user requests

Enforcement of security properties for dynamic MAC policies

International audienceThis paper focuses on the enforcement of security properties fitting with dynamic mandatory access control policies. It adds complementary results to previous works of the authors in order to better address dynamic policies. Previous works of the authors provide several advances for enforcing the security of MAC system.An administration language for formalizing a large set of security properties is available to system administrators. That language uses several flow operators and ease the formalization of the required security properties. A solution is also available for computing the possible violations of any security property that can be formalized using our language. That solution computes several flow graphs in order to find all the allowed activities that can violate the requested properties. That paper addresses remaining problems related to the enforcement of the same kind of properties but with dynamic MAC policies. Enforcement is more much complex if we consider dynamic policies since the states of those policies are theoretically infinite. A new approach is proposed for dynamic MAC policies. The major idea is to use a meta-policy language for controlling the allowed evolutions of those dynamic policies. According to those meta-policy constraints, the computation problem becomes easier. The proposed solution adds meta-nodes within the considered flow graphs. A general algorithm is given for computing the required meta-nodes and the associated arcs. The proposed meta-graphs provide an overestimation of the possible flows between the different meta-nodes. The computation of the possible violations within the allowed dynamic policies is thus allowed. Several concrete security properties are considered using regular expressions for identifying the requested meta-contexts. The resulting violations, within the allowed meta-graphs, are computed and real violations are presented