ABSTRACT
Current access control policies provide no mechanisms for incorporating user behavior in access control decisions, even though the way a user interacts with a program often indicates what the user expects that program to do. We develop a new approach to access control, focusing on single-user systems, in which the complete history of user and program actions can be used to improve the precision and expressiveness of access control policies. We describe mechanisms for securely capturing user actions, mapping those actions onto likely user intents, and a language for defining access control policies that incorporate user intentions. We implemented a prototype for capturing user intentions, and present results from experiments on malware mitigation using the prototype. Our results show that a very simple MAC policy can prevent a significant amount of system damage caused by malware while not interfering with most benign software.
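The abstract describes three pieces working together: a securely captured history of user actions, a mapping from those actions onto likely user intents, and a policy that consults the intents at decision time. The following Python model is an added illustration of that idea; it is not the paper's prototype or its policy language, and the event names, intent labels, time window and policy rules are assumptions constructed for the example. User actions can enter the history only through `record_user`, standing in for the trusted input path, so a program cannot manufacture intents for itself.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Event:
    t: float                  # time in seconds
    pid: int                  # process the event is associated with
    what: str                 # 'file_dialog_select', 'click', 'open_for_write', ...
    target: Optional[str] = None


class IntentTracker:
    """Keeps the history of *user* actions and maps recent ones onto likely intents.

    Only the trusted input path calls record_user(); a program has no way to add
    entries to the history, which models the requirement that user actions be
    captured securely.
    """

    def __init__(self, window: float = 30.0):
        self.window = window          # how long an action keeps expressing an intent (assumed)
        self.history: list[Event] = []

    def record_user(self, ev: Event) -> None:
        self.history.append(ev)

    def intents(self, pid: int, now: float) -> set[tuple[str, str]]:
        """Intents the user has expressed toward process `pid` within the window."""
        out: set[tuple[str, str]] = set()
        for ev in self.history:
            if ev.pid != pid or now - ev.t > self.window:
                continue
            if ev.what == "file_dialog_select" and ev.target:
                out.add(("user_chose_file", ev.target))   # user picked this file for the program
            elif ev.what in ("click", "keystroke"):
                out.add(("user_interacting", "*"))        # user is actively driving the program
        return out


def policy(op: str, target: Optional[str], intents: set[tuple[str, str]]) -> bool:
    """A deliberately simple MAC policy over operations and inferred intents (assumed rules)."""
    if op == "open_for_write":
        # a write to a file is allowed only if the user recently chose that file
        return ("user_chose_file", target) in intents
    if op == "connect":
        # network access only while the user is interacting with the program
        return ("user_interacting", "*") in intents
    if op == "open_for_read":
        # reading the user's own files needs no expressed intent under this policy
        return bool(target) and target.startswith("/home/user/")
    return False


class ReferenceMonitor:
    """Mediates program requests, consulting the intent history at decision time."""

    def __init__(self, tracker: IntentTracker):
        self.tracker = tracker

    def check(self, req: Event) -> bool:
        intents = self.tracker.intents(req.pid, req.t)
        return policy(req.what, req.target, intents)


def run_scenario() -> dict[str, bool]:
    """Constructed scenario: pid 100 is an editor the user drives, pid 200 is unattended malware."""
    tracker = IntentTracker(window=30.0)
    rm = ReferenceMonitor(tracker)
    notes = "/home/user/notes.txt"
    # the trusted input path records what the user did with the editor
    tracker.record_user(Event(1.0, 100, "click"))
    tracker.record_user(Event(2.0, 100, "file_dialog_select", notes))
    return {
        # benign: the user picked notes.txt in the editor's dialog, so the write is allowed
        "editor_write_chosen": rm.check(Event(3.0, 100, "open_for_write", notes)),
        # benign but unexpressed intent: the editor touches a file the user never chose
        "editor_write_other": rm.check(Event(3.0, 100, "open_for_write", "/home/user/other.txt")),
        # malware: no user action ever targeted pid 200, so its write and connect are denied
        "malware_write": rm.check(Event(4.0, 200, "open_for_write", notes)),
        "malware_connect": rm.check(Event(4.0, 200, "connect", "attacker.example")),
        # the window has expired: an old dialog selection no longer authorises a write
        "editor_write_late": rm.check(Event(60.0, 100, "open_for_write", notes)),
        # reads of the user's own files are allowed regardless of intent
        "malware_read": rm.check(Event(4.0, 200, "open_for_read", notes)),
    }
```

The scenario shows both halves of the abstract's claim: the unattended process is denied the write and the network connection because no user action ever pointed at it, while the editor's write succeeds only for the file the user selected. The two denied editor cases (an unchosen file, and a selection older than the window) are where such a policy interferes with benign software, and the permitted read shows that a write-focused policy does nothing about data disclosure; both are the trade-offs a practitioner would tune when adopting this approach.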
The user is not the enemy: fighting malware by tracking user intentions