Affiliation:
1. National University of Defense Technology
Abstract
The existence of trusted subjects is a major complication in implementing multilevel secure (MLS) systems. In MLS, trusted subjects are granted privileges to perform operations that may violate mandatory access control policies. It is difficult to prevent them from leaking data without overly strict confinement. This paper reconsiders privilege from the viewpoint of sensitive data and presents a dynamic trusted domain (DTD) mechanism for trusted subjects. In DTD, a domain is associated with a special label structure (LabelVector) that distinguishes security policies, and it builds an isolated, virtualization-based environment for a given trusted subject. The channel through which the trusted subject communicates with the outside is controlled by a trusted request decision maker (TRDM). Only requests that satisfy the rules on domain label and security levels are passed through.
Publisher
Trans Tech Publications, Ltd.