Abstract:
Most commercial off-the-shelf (COTS) personal computer operating systems cannot provide sufficiently strong information protection. Because these systems, together with the various applications running on them, are so widely adopted, they will not be replaced in the near future. A practical solution for their vulnerabilities is to harden them. In this paper, a security enhancement architecture for COTS operating systems is proposed. It consists of five key components: an information flow hook (IFH), an information flow parser (IFP), a policy decision engine (PDE), an application supporting layer (ASL), and a policy enforcement component. IFH and IFP work together to make the rest of the architecture operating-system independent. In this way, the architecture becomes a general framework for COTS operating system security enhancement. PDE is an abstract layer over different policies, which enables the architecture to support multiple security policies. ASL is introduced for compatibility purposes; it mediates conflicts between enforced security policies and existing applications. In practice, the architecture can be implemented using interposition technology and thus requires neither source code nor binary-level modification of the preexisting system.
Keywords:
grammars; operating systems (computers); security of data; software architecture; software packages; source coding; COTS operating system; application supporting layer; binary level modification; commercial off-the-shelf; information flow hook; information flow parser; information protection; personal computer operating systems; policy decision engine; policy enforcement component; security enhancement architecture; security policy; source code; Computer architecture; Computer security; Cryptography; Data security; Design engineering; Information security; Microcomputers; Operating systems; Protection; US Government;
Conference Title:
Data, Privacy, and E-Commerce, 2007. ISDPE 2007. The First International Symposium on