Simplifying security policy descriptions for internet servers in secure operating systems

Toshihiro Yokoyama, Miyuki Hanaoka, Makoto Shimamura, Kenji Kono

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

Secure operating systems (secure OSes) are widely used to limit the damage caused by unauthorized access to Internet servers. However, writing a security policy based on the principle of least privilege for a secure OS is a challenge for an administrator. Considering that remote attackers can never attack a server before they establish connections to it, we propose a novel scheme that exploits phases to simplify security policy descriptions for Internet servers. In our scheme, the entire system has two execution phases: an initialization phase and a protocol processing phase. The initialization phase is defined as the phase before the server establishes connections to its clients, and the protocol processing phase is defined as the phase after it establishes connections. The key observation is that access control should be enforced by the secure OS only in the protocol processing phase to defend against remote attacks. Thus, we can omit the access-control policy in the initialization phase, which effectively reduces the number of policy rules. Our experimental results demonstrate that our scheme effectively reduces the number of descriptions; it eliminates 47.2%, 27.5%, and 24.0% of policy rules for HTTP, SMTP, and POP servers, respectively, compared with an existing SELinux policy that includes the initialization of the server.

Original language: English
Title of host publication: Proceedings of the ACM Symposium on Applied Computing
Pages: 326-333
Number of pages: 8
DOIs: https://doi.org/10.1145/1529282.1529352
Publication status: Published - 2009
Event: 24th Annual ACM Symposium on Applied Computing, SAC 2009 - Honolulu, HI, United States
Duration: 2009 Mar 8 to 2009 Mar 12

Other

Other: 24th Annual ACM Symposium on Applied Computing, SAC 2009
Country: United States
City: Honolulu, HI
Period: 09/3/8 to 09/3/12

Fingerprint

Computer operating systems
Servers
Internet
Network protocols
Access control
Processing
HTTP
Computer systems

Keywords

  • Internet server
  • Policy description
  • Secure operating system
  • SELinux

ASJC Scopus subject areas

  • Software

Cite this

Yokoyama, T., Hanaoka, M., Shimamura, M., & Kono, K. (2009). Simplifying security policy descriptions for internet servers in secure operating systems. In Proceedings of the ACM Symposium on Applied Computing (pp. 326-333) https://doi.org/10.1145/1529282.1529352

Simplifying security policy descriptions for internet servers in secure operating systems. / Yokoyama, Toshihiro; Hanaoka, Miyuki; Shimamura, Makoto; Kono, Kenji.

Proceedings of the ACM Symposium on Applied Computing. 2009. p. 326-333.


Yokoyama, T, Hanaoka, M, Shimamura, M & Kono, K 2009, Simplifying security policy descriptions for internet servers in secure operating systems. in Proceedings of the ACM Symposium on Applied Computing. pp. 326-333, 24th Annual ACM Symposium on Applied Computing, SAC 2009, Honolulu, HI, United States, 09/3/8. https://doi.org/10.1145/1529282.1529352
Yokoyama T, Hanaoka M, Shimamura M, Kono K. Simplifying security policy descriptions for internet servers in secure operating systems. In Proceedings of the ACM Symposium on Applied Computing. 2009. p. 326-333 https://doi.org/10.1145/1529282.1529352
Yokoyama, Toshihiro ; Hanaoka, Miyuki ; Shimamura, Makoto ; Kono, Kenji. / Simplifying security policy descriptions for internet servers in secure operating systems. Proceedings of the ACM Symposium on Applied Computing. 2009. pp. 326-333
@inproceedings{26d1ecc60e9f4673a77bc9307e0e109d,
title = "Simplifying security policy descriptions for internet servers in secure operating systems",
abstract = "Secure operating systems (secure OSes) are widely used to limit the damage caused by unauthorized access to Internet servers. However, writing a security policy based on the principle of least privilege for a secure OS is a challenge for an administrator. Considering that remote attackers can never attack a server before they establish connections to it, we propose a novel scheme that exploits phases to simplify security policy descriptions for Internet servers. In our scheme, the entire system has two execution phases: an initialization phase and a protocol processing phase. The initialization phase is defined as the phase before the server establishes connections to its clients, and the protocol processing phase is defined as the phase after it establishes connections. The key observation is that access control should be enforced by the secure OS only in the protocol processing phase to defend against remote attacks. Thus, we can omit the access-control policy in the initialization phase, which effectively reduces the number of policy rules. Our experimental results demonstrate that our scheme effectively reduces the number of descriptions; it eliminates 47.2{\%}, 27.5{\%}, and 24.0{\%} of policy rules for HTTP, SMTP, and POP servers respectively, compared with an existing SELinux policy that includes the initialization of the server.",
keywords = "Internet server, Policy description, Secure operating system, SELinux",
author = "Toshihiro Yokoyama and Miyuki Hanaoka and Makoto Shimamura and Kenji Kono",
year = "2009",
doi = "10.1145/1529282.1529352",
language = "English",
isbn = "9781605581668",
pages = "326--333",
booktitle = "Proceedings of the ACM Symposium on Applied Computing",

}

TY  - GEN
T1  - Simplifying security policy descriptions for internet servers in secure operating systems
AU  - Yokoyama, Toshihiro
AU  - Hanaoka, Miyuki
AU  - Shimamura, Makoto
AU  - Kono, Kenji
PY  - 2009
Y1  - 2009
N2  - Secure operating systems (secure OSes) are widely used to limit the damage caused by unauthorized access to Internet servers. However, writing a security policy based on the principle of least privilege for a secure OS is a challenge for an administrator. Considering that remote attackers can never attack a server before they establish connections to it, we propose a novel scheme that exploits phases to simplify security policy descriptions for Internet servers. In our scheme, the entire system has two execution phases: an initialization phase and a protocol processing phase. The initialization phase is defined as the phase before the server establishes connections to its clients, and the protocol processing phase is defined as the phase after it establishes connections. The key observation is that access control should be enforced by the secure OS only in the protocol processing phase to defend against remote attacks. Thus, we can omit the access-control policy in the initialization phase, which effectively reduces the number of policy rules. Our experimental results demonstrate that our scheme effectively reduces the number of descriptions; it eliminates 47.2%, 27.5%, and 24.0% of policy rules for HTTP, SMTP, and POP servers respectively, compared with an existing SELinux policy that includes the initialization of the server.
AB  - Secure operating systems (secure OSes) are widely used to limit the damage caused by unauthorized access to Internet servers. However, writing a security policy based on the principle of least privilege for a secure OS is a challenge for an administrator. Considering that remote attackers can never attack a server before they establish connections to it, we propose a novel scheme that exploits phases to simplify security policy descriptions for Internet servers. In our scheme, the entire system has two execution phases: an initialization phase and a protocol processing phase. The initialization phase is defined as the phase before the server establishes connections to its clients, and the protocol processing phase is defined as the phase after it establishes connections. The key observation is that access control should be enforced by the secure OS only in the protocol processing phase to defend against remote attacks. Thus, we can omit the access-control policy in the initialization phase, which effectively reduces the number of policy rules. Our experimental results demonstrate that our scheme effectively reduces the number of descriptions; it eliminates 47.2%, 27.5%, and 24.0% of policy rules for HTTP, SMTP, and POP servers respectively, compared with an existing SELinux policy that includes the initialization of the server.
KW  - Internet server
KW  - Policy description
KW  - Secure operating system
KW  - SELinux
UR  - http://www.scopus.com/inward/record.url?scp=72949115921&partnerID=8YFLogxK
UR  - http://www.scopus.com/inward/citedby.url?scp=72949115921&partnerID=8YFLogxK
U2  - 10.1145/1529282.1529352
DO  - 10.1145/1529282.1529352
M3  - Conference contribution
AN  - SCOPUS:72949115921
SN  - 9781605581668
SP  - 326
EP  - 333
BT  - Proceedings of the ACM Symposium on Applied Computing
ER  -