17 research outputs found

    Functionality-based application confinement: A parameterised and hierarchical approach to policy abstraction for rule-based application-oriented access controls

    Access controls are traditionally designed to protect resources from users, and consequently make access decisions based on the identity of the user, treating all processes as if they are acting on behalf of the user that runs them. However, this user-oriented approach is insufficient at protecting against contemporary threats, where security compromises are often due to applications running malicious code, either due to software vulnerabilities or malware. Application-oriented access controls can mitigate this threat by managing the authority of individual applications. Rule-based application-oriented access controls can restrict applications to only allow access to the specific finely-grained resources required for them to carry out their tasks, and thus can significantly limit the damage that can be caused by malicious code. Unfortunately existing application-oriented access controls have policy complexity and usability problems that have limited their use. This thesis proposes a new access control model, known as functionality-based application confinement (FBAC). The FBAC model has a number of unique features designed to overcome problems with previous approaches. Policy abstractions, known as functionalities, are used to assign authority to applications based on the features they provide. Functionalities authorise elaborate sets of finely grained privileges based on high-level security goals, and adapt to the needs of specific applications through parameterisation. FBAC is hierarchical, which enables it to provide layers of abstraction and encapsulation in policy. It also simultaneously enforces the security goals of both users and administrators by providing discretionary and mandatory controls. An LSM-based (Linux security module) prototype implementation, known as FBAC-LSM, was developed as a proof-of-concept and was used to evaluate the new model and associated techniques. 
The policy requirements of over one hundred applications were analysed, and policy abstractions and application policies were developed. Analysis showed that the FBAC model is capable of representing the privilege needs of applications. The model is also well suited to automation techniques that can in many cases create complete application policies a priori, that is, without first running the applications. This is an improvement over previous approaches that typically rely on learning modes to generate policies. A usability study was conducted, which showed that compared to two widely-deployed alternatives (SELinux and AppArmor), FBAC-LSM had significantly higher perceived usability and resulted in significantly more protective policies. Qualitative analysis was performed and gave further insight into the issues surrounding the usability of application-oriented access controls, and confirmed the success of the FBAC model

    Police Cybercrime Training: Perceptions, Pedagogy, and Policy

    Cybercrime has become one of the most pressing developments for police organisations to engage with over recent years. One of the key challenges is to understand how best to effectively impart relevant skills and knowledge about cybercrime throughout the organisation to enable police officers to react appropriately to such illicit behaviours. This paper is drawn from mixed-methods research undertaken as part of the CARI Project, a major study into the effectiveness of cybercrime investigation within a large UK police force funded by the Police Knowledge Fund. As part of the needs assessment for the above project, concerns were raised about the effectiveness of existing training arrangements in facilitating the development of cyber skills within police officers. The present research, based on survey data, sought to explore the effectiveness of different training styles as perceived by those who had undertaken cyber training. The research found that officers perceived some modes of training as considerably more effective than others and highlighted some of the organisational contexts that impact negatively on the delivery of effective cyber training to police officers. Analysis of survey responses indicated that whilst eLearning is perceived as having some utility, such as in delivering refresher training, it is not perceived as effective as other forms of learning delivery. The findings are presented within a context, informed by existing literature, that acknowledges wider debates surrounding the pedagogy of police learning and the organisational challenges of developing cyber skills within police officers. The authors believe that the findings will have relevance to police training policy both in the UK and in the wider international context

    Enhancing Cybersecurity Skills by Creating Serious Games

    Adversary thinking is an essential skill for cybersecurity experts, enabling them to understand cyber attacks and set up effective defenses. While this skill is commonly exercised by Capture the Flag games and hands-on activities, we complement these approaches with a key innovation: undergraduate students learn methods of network attack and defense by creating educational games in a cyber range. In this paper, we present the design of two courses, instruction and assessment techniques, as well as our observations over the last three semesters. The students report they had a unique opportunity to deeply understand the topic and practice their soft skills, as they presented their results at a faculty open day event. Their peers, who played the created games, rated the quality and educational value of the games overwhelmingly positively. Moreover, the open day raised awareness about cybersecurity and research and development in this field at our faculty. We believe that sharing our teaching experience will be valuable for instructors planning to introduce active learning of cybersecurity and adversary thinking

    Needs Assessment of Cybercrime and Digital Evidence in a UK Police Force

    Cybercrime has recently surpassed, in terms of volume, all other forms of crime in the United Kingdom, and has been acknowledged as a national priority. The purpose of this research is to analyse the police cyber-investigation lifecycle: from the experience of the public when reporting cybercrime to call takers, through to the attending officers, officer(s) in charge, and the many units and roles involved in supporting cybercrime investigations. A large scale needs assessment was conducted within one of the largest police forces in England and Wales, involving focus groups and interviews with police staff and strategic leads across key units and roles. The results of the needs assessment document the state of policing cybercrime in a UK police force, along with the improvements and needs that exist across the force and in specific units and roles. In total, 125 needs were identified and further coded based on a thematic analysis. Common themes identified include: knowledge/training, communication, recording, software, roles, governance, procedures, resources, consistency, staffing, national input, face-to-face, interactions with the public, new capabilities, and triage. The most common needs were related to training and knowledge, communications, quality of recording, software, governance, procedures, resourcing, and national input. Due to the nature of the findings, it is likely that some of these identified areas may parallel other police organisations’ experiences at national and international levels

    Functionality-Based Application Confinement: A Parameterised and Hierarchical Approach to Policy Abstraction for Rule-based Application-oriented Access Controls

    I declare that this thesis is my own account of my research and contains as its main content work that has not previously been submitted for a degree at any tertiary education institution. Z. Cliffe Schreuders. Access controls are traditionally designed to protect resources from users, and consequently make access decisions based on the identity of the user, treating all processes as if they are acting on behalf of the user that runs them. However, this user-oriented approach is insufficient at protecting against contemporary threats, where security compromises are often due to applications running malicious code, either due to software vulnerabilities or malware. Application-oriented access controls can mitigate this threat by managing the authority of individual applications. Rule-based application-oriented access controls can restrict applications to only allow access to the specific finely-grained resources required for them to carry out their tasks, and thus can significantly limit the damage that ca

    The functionality-based application confinement model

    This paper presents the functionality-based application confinement (FBAC) access control model. FBAC is an application-oriented access control model, intended to restrict processes to the behaviour that is authorised by end users, administrators, and processes, in order to limit the damage that can be caused by malicious code, due to software vulnerabilities or malware. FBAC is unique in its ability to limit applications to finely grained access control rules based on high-level easy-to-understand reusable policy abstractions, its ability to simultaneously enforce application-oriented security goals of administrators, programs, and end users, its ability to perform dynamic activation and deactivation of logically grouped portions of a process's authority, its approach to process invocation history and intersection-based privilege propagation, its suitability to policy automation techniques, and in the resulting usability benefits. Central to the model are 'functionalities', hierarchical and parameterised policy abstractions, which can represent features that applications provide; 'confinements', which can model simultaneous enforcement of multiple sets of policies to enforce a diverse range of types of application restrictions; and 'applications', which represent the processes to be confined. The paper defines the model in terms of structure (which is described in five components) and function, and serves as a culmination of our work thus far, reviewing the evaluation of the model that has been conducted to date