loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Z. Cliffe Schreuders and Christian Payne

Affiliation: School of IT, Murdoch University, Australia

Keyword(s): Application-Oriented Access Control, Application Confinement, Sandbox, Functionality-Based Application Confinement (FBAC), Role-Based Access Control (RBAC), Usable Security.

Related Ontology Subjects/Areas/Topics: Access Control ; Data Engineering ; Databases and Data Security ; Information and Systems Security ; Internet Technology ; Web Information Systems and Technologies

Abstract: Traditional user-oriented access control models such as Mandatory Access Control (MAC) and Discretionary Access Control (DAC) cannot differentiate between processes acting on behalf of users and those behaving maliciously. Consequently, these models are limited in their ability to protect users from the threats posed by vulnerabilities and malicious software as all code executes with full access to all of a user's permissions. Application-oriented schemes can further restrict applications thereby limiting the damage from malicious code. However, existing application-oriented access controls construct policy using complex and inflexible rules which are difficult to administer and do not scale well to confine the large number of feature-rich applications found on modern systems. Here a new model, Functionality-Based Application Confinement (FBAC), is presented which confines applications based on policy abstractions that can flexibly represent the functional requirements of application s. FBAC policies are parameterised allowing them to be easily adapted to the needs of individual applications. Policies are also hierarchical, improving scalability and reusability while conveniently abstracting policy detail where appropriate. Furthermore the layered nature of policies provides defence in depth allowing policies from both the user and administrator to provide both discretionary and mandatory security. An implementation FBAC-LSM and its architecture are also introduced. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 3.85.38.100

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Cliffe Schreuders, Z. and Payne, C. (2008). FUNCTIONALITY-BASED APPLICATION CONFINEMENT - Parameterised Hierarchical Application Restrictions. In Proceedings of the International Conference on Security and Cryptography (ICETE 2008) - SECRYPT; ISBN 978-989-8111-59-3; ISSN 2184-3236, SciTePress, pages 72-77. DOI: 10.5220/0001928900720077

@conference{secrypt08,
author={Z. {Cliffe Schreuders}. and Christian Payne.},
title={FUNCTIONALITY-BASED APPLICATION CONFINEMENT - Parameterised Hierarchical Application Restrictions},
booktitle={Proceedings of the International Conference on Security and Cryptography (ICETE 2008) - SECRYPT},
year={2008},
pages={72-77},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001928900720077},
isbn={978-989-8111-59-3},
issn={2184-3236},
}

TY - CONF

JO - Proceedings of the International Conference on Security and Cryptography (ICETE 2008) - SECRYPT
TI - FUNCTIONALITY-BASED APPLICATION CONFINEMENT - Parameterised Hierarchical Application Restrictions
SN - 978-989-8111-59-3
IS - 2184-3236
AU - Cliffe Schreuders, Z.
AU - Payne, C.
PY - 2008
SP - 72
EP - 77
DO - 10.5220/0001928900720077
PB - SciTePress