TY - GEN
T1 - Hardware-assisted application-level access control
AU - Chen, Yu Yuan
AU - Lee, Ruby B.
PY - 2009
Y1 - 2009
N2 - Applications typically rely on the operating system to enforce access control policies such as MAC, DAC, or other policies. However, in the face of a compromised operating system, such protection mechanisms may be ineffective. Since security-sensitive applications are most motivated to maintain access control to their secret or sensitive information, and have no control over the operating system, it is desirable to provide mechanisms to enable applications to protect information with application-specific policies, in spite of a compromised operating system. In this paper, we enable application-level access control and information sharing with direct hardware support and protection, bypassing the dependency on the operating system. We analyze an originator-controlled information sharing policy (ORCON), where the content creator specifies who has access to the file created and maintains this control after the file has been distributed. We show that this policy can be enforced by the software-hardware mechanisms provided by the Secret Protection (SP) architecture, where a Trusted Software Module (TSM) is directly protected by SP's hardware features. We develop a proof-of-concept text editor application which contains such a TSM. This TSM can implement many different policies, not just the originator-controlled policy that we have defined. We also propose a general methodology for trust-partitioning an application into security-critical and non-critical parts.
AB - Applications typically rely on the operating system to enforce access control policies such as MAC, DAC, or other policies. However, in the face of a compromised operating system, such protection mechanisms may be ineffective. Since security-sensitive applications are most motivated to maintain access control to their secret or sensitive information, and have no control over the operating system, it is desirable to provide mechanisms to enable applications to protect information with application-specific policies, in spite of a compromised operating system. In this paper, we enable application-level access control and information sharing with direct hardware support and protection, bypassing the dependency on the operating system. We analyze an originator-controlled information sharing policy (ORCON), where the content creator specifies who has access to the file created and maintains this control after the file has been distributed. We show that this policy can be enforced by the software-hardware mechanisms provided by the Secret Protection (SP) architecture, where a Trusted Software Module (TSM) is directly protected by SP's hardware features. We develop a proof-of-concept text editor application which contains such a TSM. This TSM can implement many different policies, not just the originator-controlled policy that we have defined. We also propose a general methodology for trust-partitioning an application into security-critical and non-critical parts.
UR - http://www.scopus.com/inward/record.url?scp=70350376421&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=70350376421&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-04474-8_29
DO - 10.1007/978-3-642-04474-8_29
M3 - Conference contribution
AN - SCOPUS:70350376421
SN - 3642044735
SN - 9783642044731
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 363
EP - 378
BT - Information Security - 12th International Conference, ISC 2009, Proceedings
T2 - 12th Information Security Conference, ISC 2009
Y2 - 7 September 2009 through 9 September 2009
ER -