The KIPS Transactions:PartD (정보처리학회논문지D)

Korea Information Processing Society (한국정보처리학회)
권호 표지
DOI QR코드

DOI QR Code

Test on the Security and Performance on the Basis of the Access Control Policy Implemented by Secure OS

안전한 운영체제 접근제어 정책에 대한 보안성 및 성능 시험

  • Published : 2003.08.01
Download PDF
⟨ Previous Next ⟩

Abstract

SecuROS(Secure & Reliable Operating System) prevents and blocks possible system cracking by implementing additional security functions in FreeBSD 4.3 operating system (OS) kernel, including access control, user authentication, audit trail, encryption file system and trusted channel. This paper describes access control technique, which is one of core technologies of SecuROS, introduces the implementations of DAC, MAC and RBAC, all of which are corresponding access control policies, and show security and results of performance measurement on the basis of application of access control policies. Finally, security and performance between conventional OS environment and environment adopting access control policy is described.

SecuROS(Secure & Reliable Operating System) 시스템은 FreeBSD 4.3 운영체제 커널에 접근 제어, 사용자 인증, 감사 추적, 암호화 파일 시스템, 신뢰 채널 등의 보안 기능을 추가 구현하여 시스템에 발생 가능한 해킹을 방지하고 차단하는 시스템을 말한다. 본 논문에서는 SecuROS의 핵심 기술 중에 하나인 접근제어 기법을 기술하고, 해당 접근제어 정책인 DAC, MAC, RBAC의 구현 내용을 소개하며, 접근제어 정책의 적용에 따른 보안성과 성능 시험을 위한 도구 및 방법을 나타낸다. 기존의 운영체제 환경과 새로운 접근제어 정책을 적용한 환경 사이의 보안성 및 성능의 상관 관계를 기술한다.

Keywords

References

  1. J. G. Ko, J. N. Kim and K. I. Jeong, 'Access Control for Secure FreeBSD Operating System,' Proc. of WISA2001, The Second International Workshop on Information Secu-rity Applications, 2001
  2. Peter A. Loscocco, Wtephen D. Dmalley, Patric A. Muc-kelbauer, Ruth C. Taylor, S. Jeff Truner, John F. Farrel, 'The Inevitablity of Failure : The Flawed Assumption of Security in Modern Computing Environments,' National Security Agency, 1997
  3. Bell, David Elliott and Leonard J. La Padula, 'Secure computer system : Unified exposition and multics inter-pretation,' MITRE Technical Report 2997, MITRE Corp, Bedford, MA, 1975
  4. David F. Ferraiolo, Ravi Sandu and Serban Gavrila, 'A Proposed Standard for Role-Based Access Control,' ACM transaction on Information and System Security, Vol.4, No.3, pp.224-274, Aug., 2001, http://csrc.nist.gov/rbac/ https://doi.org/10.1145/501978.501980
  5. Roos Lindgreen, Herschberg I. S., 'On the Validity of the Bell-Lapadula Model,' Computer & Security, Vol.13, pp. 317-338, 1994 https://doi.org/10.1016/0167-4048(94)90023-X
  6. UNICOS Multilevel Security (MLS) Features Users Guide, SG-21111 10.0, http://rcs21.urz.tu-dresden.de:80/ebt-bin/nph-dweb/dyna web./@Generic_BookTextVie
  7. http://www.hpcc.gov/pubs/blue97/nsa/secureos.html
  8. http://www.cs.utah.edu/flux/fluke/html/linux.html
  9. DOD 5200.28-STD, 'Department of Defense Trusted Com-puter System Evaluation Criteria,' December, 1985
  10. D. Ferraolo and R, Kuhn, 'Role-Based Access Control,' Proceeding of the 15th National Computer Security Conference, 1992
  11. R. Graubart, 'Operating System Support for Trusted Ap-plications,' Proceedings of the 15th National Computer Security Conference, 1992
  12. M. Harrison et al., 'Protection in Operating Systems,' Communications of ACM 19(8), August, 1976 https://doi.org/10.1145/360303.360333
  13. Secure Computing Corporation, 'Assurance in the Fluke Microkernel : Formal Security Policy Model,' Technical report MD A904-97-C-3047 CDRL A003, March, 1998
  14. FreeBSD 4.3-RELEASE Source Code