Title :
LOMAC: Low Water-Mark integrity protection for COTS environments
Author_Institution :
NAI Labs., Glenwood, MD, USA
Abstract :
We hypothesize that a form of kernel-resident access control based integrity protection can gain widespread acceptance in commercial off-the-shelf (COTS) environments, provided that it couples some useful protection with a high degree of compatibility with existing software, configurations, and practices. To test this hypothesis, we have developed a highly compatible free open-source prototype called LOMAC, and released it on the Internet. LOMAC is a dynamically loadable extension for COTS Linux kernels that provides integrity protection based on Low Water-Mark access control. We present a classification of existing access control models with regard to compatibility, concluding that models similar to Low Water-Mark are especially well suited to high-compatibility solutions. We also describe our practical strategies for dealing with the pathological cases in the Low Water-Mark model´s behavior which include a small extension of the model, and an unusual application of its concepts
Keywords :
Internet; Unix; authorisation; data integrity; operating system kernels; public domain software; software packages; COTS Linux kernels; COTS environments; Internet; LOMAC; Low Water-Mark access control; Low Water-Mark integrity protection; access control models; commercial off-the-shelf environments; dynamically loadable extension; high-compatibility solutions; highly compatible free open-source prototype; kernel-resident access control based integrity protection; pathological cases; Access control; Internet; Kernel; Linux; Open source software; Pathology; Protection; Prototypes; Software prototyping; Testing;
Conference_Titel :
Security and Privacy, 2000. S&P 2000. Proceedings. 2000 IEEE Symposium on
Conference_Location :
Berkeley, CA
Print_ISBN :
0-7695-0665-8
DOI :
10.1109/SECPRI.2000.848460
