Hardware-assisted application-level access control

Yu Yuan Chen, Ruby B. Lee

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

6 Scopus citations

Abstract

Applications typically rely on the operating system to enforce access control policies such as MAC, DAC, or other policies. However, in the face of a compromised operating system, such protection mechanisms may be ineffective. Since security-sensitive applications are most motivated to maintain access control to their secret or sensitive information, and have no control over the operating system, it is desirable to provide mechanisms to enable applications to protect information with application-specific policies, in spite of a compromised operating system. In this paper, we enable application-level access control and information sharing with direct hardware support and protection, bypassing the dependency on the operating system. We analyze an originator-controlled information sharing policy (ORCON), where the content creator specifies who has access to the file created and maintains this control after the file has been distributed. We show that this policy can be enforced by the software-hardware mechanisms provided by the Secret Protection (SP) architecture, where a Trusted Software Module (TSM) is directly protected by SP's hardware features. We develop a proof-of-concept text editor application which contains such a TSM. This TSM can implement many different policies, not just the originator-controlled policy that we have defined. We also propose a general methodology for trust-partitioning an application into security-critical and non-critical parts.

Original language: English (US)
Title of host publication: Information Security - 12th International Conference, ISC 2009, Proceedings
Pages: 363-378
Number of pages: 16
DOIs
State: Published - 2009
Event: 12th Information Security Conference, ISC 2009 - Pisa, Italy
Duration: Sep 7 2009 - Sep 9 2009

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 5735 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 12th Information Security Conference, ISC 2009
Country/Territory: Italy
City: Pisa
Period: 9/7/09 - 9/9/09

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science
