Annual Computer Security Applications Conference (ACSAC) 2012

Full Program »

Transforming Commodity Security Policies to Enforce Clark-Wilson Integrity

Modern distributed systems are composed from several
off-the-shelf components, including operating systems, virtualization infrastructure, and application packages, upon which some custom application code (e.g., web application) is deployed. While several commodity systems now include mandatory access control (MAC) enforcement to protect the individual system, the complexity of distributed systems composed in this manner makes it difficult to identify how threats may be propagated throughout the system. As a result, security practitioners react to vulnerabilities when they are identified by adversaries, rather than proactively protecting the system's data integrity.In this paper, the goal is to develop a mostly-automated method to transform a set of commodity MAC policies into a system-wide policy that proactively provides classical integrity protection, in particular satisfying an approximation of the Clark-Wilson integrity model. The Clark-Wilson model prescribes integrity verification of security-critical data and mediation at program entrypoints to protect the integrity of processing that operates on security-critical data;
features that are currently missing in commodity system MAC policies. By solving a graph-cut problem over the information flows produced by available MAC policies, we identify a near-minimal placement for integrity verification and program mediation necessary to satisfy Clark-Wilson. We demonstrate the practicality of producing Clark-Wilson policies for distributed systems on a web application running on virtualized SELinux hosts, where our method finds that only 27 additional entrypoint mediators are sufficient to mediate the threats of remote adversaries, mediators for possible local threats can be computed automatically, and 20 integrity verification procedures are necessary to provide information flow integrity approximating Clark-Wilson integrity.





Author(s):

Divya Muthukumaran    
Penn State
United States

Sandra Rueda    
Universidad de los Andes
Colombia

Nirupama Talele    
Penn State
United States

Hayawardh Vijayakumar    
Penn State
United States

Jason Teutsch    
Penn State
United States

Trent Jaeger    
Penn State
United States

 

Powered by OpenConf®
Copyright©2002-2014 Zakon Group LLC