A FIREWALL MODEL OF FILE SYSTEM SECURITY

File system security is fundamental to the security of UNIX and Linux systems since in these systems almost everything is in the form of a file. To protect the system files and other sensitive user files from unauthorized accesses, certain security schemes are chosen and used by different organizations in their computer systems. A file system security model provides a formal description of a protection system. Each security model is associated with specified security policies which focus on one or more of the security principles: confidentiality, integrity and availability. The security policy is not only about “who” can access an object, but also about “how” a subject can access an object. To enforce the security policies, each access request is checked against the specified policies to decide whether it is allowed or rejected. The current protection schemes in UNIX/Linux systems focus on the access control. Besides the basic access control scheme of the system itself, which includes permission bits, setuid and seteuid mechanism and the root, there are other protection models, such as Capabilities, Domain Type Enforcement (DTE) and Role-Based Access Control (RBAC), supported and used in certain organizations. These models protect the confidentiality of the data directly. The integrity of the data is protected indirectly by only allowing trusted users to operate on the objects. The access control decisions of these models depend on either the identity of the user or the attributes of the process the user can execute, and the attributes of the objects. Adoption of these sophisticated models has been slow; this is likely due to the enormous complexity of specifying controls over a large file system and the need for system administrators to learn a new paradigm for file protection. We propose a new security model: file system firewall. It is an adoption of the familiar network firewall protection model, used to control the data that flows between networked computers, toward file system protection. This model can support decisions of access control based on any system generated attributes about the access requests, e.g., time of day. The access control decisions are not on one entity, such as the account in traditional discretionary access control or the domain name in DTE. In file system firewall, the access decisions are made upon situations on multiple entities. A situation is programmable with predicates on the attributes of subject, object and the system. File system firewall specifies the appropriate actions on these situations. We implemented the prototype of file system firewall on SUSE Linux. Preliminary results of performance tests on the prototype indicate that the runtime overhead is acceptable. We compared file system firewall with TE in SELinux to show that firewall model can accommodate many other access control models. Finally, we show the ease of use of firewall model. When firewall system is restricted to specified part of the system, all the other resources are not affected. This enables a relatively smooth adoption. This fact and that it is a familiar model to system administrators will facilitate adoption and correct use. The user study we conducted on traditional UNIX access control, SELinux and file system firewall confirmed that. The beginner users found it easier to use and faster to learn then traditional UNIX access control scheme and SELinux

Architecture and implementation of online communities

Thesis (Ph.D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1999.Includes bibliographical references.by Philip Greenspun.Ph.D

Design principles and patterns for computer systems that are simultaneously secure and usable

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2005.This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.Includes bibliographical references (p. 429-464) and index.It is widely believed that security and usability are two antagonistic goals in system design. This thesis argues that there are many instances in which security and usability can be synergistically improved by revising the way that specific functionality is implemented in many of today's operating systems and applications. Specific design principles and patterns are presented that can accomplish this goal. Patterns are presented that minimize the release of confidential information through remnant and remanent data left on hard drives, in web browsers, and in documents. These patterns are based on a study involving the purchase of 236 hard drives on the secondary market, interviews conducted with organizations whose drives had been acquired, and through a detailed examination of modern web browsers and reports of information leakage in documents. Patterns are presented that enable secure messaging through the adoption of new key management techniques. These patterns are supported through an analysis of S/MIME handling in modern email clients, a survey of 469 Amazon.com merchants, and a user study of 43 individuals. Patterns are presented for promoting secure operation and for reducing the danger of covert monitoring. These patterns are supported by the literature review and an analysis of current systems.(cont.) In every case considered, it is shown that the perceived antagonism of security and usability can be scaled back or eliminated by revising the underlying designs on which modern systems are conceived. In many cases these designs can be implemented without significant user interface changes. The patterns described in this thesis can be directly applied by today's software developers and used for educating the next generation of programmers so that longstanding usability problems in computer security can at last be addressed. It is very likely that additional patterns can be identified in other related areas.by Simson L. Garfinkel.Ph.D

Functionality-based application confinement: A parameterised and hierarchical approach to policy abstraction for rule-based application-oriented access controls

Access controls are traditionally designed to protect resources from users, and consequently make access decisions based on the identity of the user, treating all processes as if they are acting on behalf of the user that runs them. However, this user-oriented approach is insufficient at protecting against contemporary threats, where security compromises are often due to applications running malicious code, either due to software vulnerabilities or malware. Application-oriented access controls can mitigate this threat by managing the authority of individual applications. Rule-based application-oriented access controls can restrict applications to only allow access to the specific finely-grained resources required for them to carry out their tasks, and thus can significantly limit the damage that can be caused by malicious code. Unfortunately existing application-oriented access controls have policy complexity and usability problems that have limited their use. This thesis proposes a new access control model, known as functionality-based application confinement (FBAC). The FBAC model has a number of unique features designed to overcome problems with previous approaches. Policy abstractions, known as functionalities, are used to assign authority to applications based on the features they provide. Functionalities authorise elaborate sets of finely grained privileges based on high-level security goals, and adapt to the needs of specific applications through parameterisation. FBAC is hierarchical, which enables it to provide layers of abstraction and encapsulation in policy. It also simultaneously enforces the security goals of both users and administrators by providing discretionary and mandatory controls. An LSM-based (Linux security module) prototype implementation, known as FBAC-LSM, was developed as a proof-of-concept and was used to evaluate the new model and associated techniques. The policy requirements of over one hundred applications were analysed, and policy abstractions and application policies were developed. Analysis showed that the FBAC model is capable of representing the privilege needs of applications. The model is also well suited to automaiii tion techniques that can in many cases create complete application policies a priori, that is, without first running the applications. This is an improvement over previous approaches that typically rely on learning modes to generate policies. A usability study was conducted, which showed that compared to two widely-deployed alternatives (SELinux and AppArmor), FBAC-LSM had significantly higher perceived usability and resulted in significantly more protective policies. Qualitative analysis was performed and gave further insight into the issues surrounding the usability of application-oriented access controls, and confirmed the success of the FBAC model

Simple and secured access to networked home appliances via internet using SSL, BioHashing and single Authentication Server

This thesis describes a web-based application that will enable users to access their networked home appliances over the Internet in an easy, secured, accessible and cost effective manner, using the user's iris image only for authentication. As Internet is increasingly gaining significance and popularity in our daily lives, various home networking technologies also started gaining importance from consumers, which helped in facilitating interoperability, sharing of services and exchange of information between different electronic devices at home. As a result, the demand to be able to access home appliances or security cameras over the Internet gradually grew. In this research, we propose an efficient, secured, low-cost and user-friendly method to access networked home appliances over the Internet, providing strong, well integrated, three levels of security to the whole application and user data. According to our design, the user's iris data after hashing (using BioHashing) is sent through a secure communication channel utilizing Secure Sockets Layer v-3.0. The deterministic feature sequence from the iris image is extracted using 1D log-Gabor filters and while performing BioHashing, the orthonormalization of the pseudorandom number is implemented employing Gram-Schmidt orthonormalization algorithm. In addition to this protected data transfer mechanism, we propose the design of an Authentication Server that can be shared among multiple homes, allowing numerous users to access their home appliances in a trouble-free and secured manner. It can also bring down the cost of commercial realization of this endeavor and increase its accessibility without compromising on system security. We demonstrate that the recognition efficiency of this system is computationally effective with equal error rate (EER) of 0% and 6.75% (average) in two separate conditions on CASIA 1 and CASIA 2 iris image datasets

Security in Distributed, Grid, Mobile, and Pervasive Computing

This book addresses the increasing demand to guarantee privacy, integrity, and availability of resources in networks and distributed systems. It first reviews security issues and challenges in content distribution networks, describes key agreement protocols based on the Diffie-Hellman key exchange and key management protocols for complex distributed systems like the Internet, and discusses securing design patterns for distributed systems. The next section focuses on security in mobile computing and wireless networks. After a section on grid computing security, the book presents an overview of security solutions for pervasive healthcare systems and surveys wireless sensor network security

Adventures in software engineering : plugging HCI & acessibility gaps with open source solutions

There has been a great deal of research undertaken in the field of Human-Computer Interfaces (HCI), input devices, and output modalities in recent years. From touch-based and voice control input mechanisms such as those found on modern smart-devices to the use of touch-free input through video-stream/image analysis (including depth streams and skeletal mapping) and the inclusion of gaze tracking, head tracking, virtual reality and beyond - the availability and variety of these I/O (Input/Output) mechanisms has increased tremendously and progressed both into our living rooms and into our lives in general. With regard to modern desktop computers and videogame consoles, at present many of these technologies are at a relatively immature stage of development - their use often limited to simple adjuncts to the staple input mechanisms of mouse, keyboard, or joystick / joypad inputs. In effect, we have these new input devices - but we're not quite sure how best to use them yet; that is, where their various strengths and weaknesses lie, and how or if they can be used to conveniently and reliably drive or augment applications in our everyday lives. In addition, much of this technology is provided by proprietary hardware and software, providing limited options for customisation or adaptation to better meet the needs of specific users. Therefore, this project investigated the development of open source software solutions to address various aspects of innovative user I/O in a flexible manner. Towards this end, a number of original software applications have been developed which incorporate functionality aimed at enhancing the current state of the art in these areas and making that software freely available for use by any who may find it beneficial.Doctor of Philosoph