FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W156636394> ?p ?o ?g. }

• W156636394 abstract "It has long been recognized that widely used contemporary systems have relatively weak security and stronger operating system security models are required. In particular, the design of widely-used security models is such that the highest level of privileges available on the system are often highly exposed. If an attack is successful and the attacker attains a high level of privilege, all of the security mechanisms on the system may typically be bypassed.Despite such limitations, weak models remain ubiquitous as more secure alternatives are complex and therefore harder to configure and audit for correctness. This is especially problematic when the user and administrator are the same person, as is often the case in widespread workstation environments. To be used effectively, security models must be simple enough to be easily conceptualised by users and consistent with their requirements.Careful application of cryptography can often improve security. However, in the domain of operating system security to date, the use of cryptography has largely involved the creation of ad hoc, standalone mechanisms. Cryptographic file systems exist to protect the confidentiality of data, but have little or no connection with existing access control theory. For example, some allow of data between users but none provide all of the expected properties available in conventional, fully-fledged access control mechanisms such as secure and convenient revocation and prevention of authorisation transference. Filesystem integrity checkers use cryptographic hashes or digital signatures to ensure objects have not been modified, thereby protecting against substitution of malicious code. However, existing schemes lack the supporting infrastructure of an underlying security model to properly discriminate between verified and unverified objects. Furthermore, key management-related interdependencies between these different mechanisms have not been recognized and, as a result, work in this area has so far progressed in a somewhat disjointed and piecemeal manner.This research describes a new security model, known as Vaults, that utilises cryptography to provide improved security. In particular, the new model aims to be secure against an attacker who has achieved a high level of privilege on the system. Vaults provides a cryptographically-enhanced access control model that protects from unauthorised read and write access. It also facilitates secure, authenticated of data between users using semantics consistent with traditional non-cryptographic access control models.The Vaults access control mechanism is supported by a flexible and convenient key management architecture that can be used for both file access keys and generic application secrets. Access to these values is controlled by a mechanism for cryptographically verifying the integrity of programs and the data objects with which they interact. However, unlike previous schemes, Vaults not only prevents execution of illicitly modified trusted code, but also assigns different privilege levels to verified and unverified processes. Furthermore, partially-trusted processes can be confined to specifically defined objects if required. This approach provides a mechanism for authenticated user interaction with security-critical system components and therefore represents a new interpretation of the traditional notion of a physical trusted path that can be extended to any appropriate object on the system. Finally, all of these mechanisms apply on both a global and local level, allowing administrators to create system-wide policies, and users to extend and refine these to suit their own security needs.However this flexibility does not come at the cost of great complexity and the basics of using the scheme can be easily explained to users as they can be expressed using conceptually simple abstractions such as locking files and sharing keys. The use of cryptography in this way also serves to weaken the traditional association between privilege and identity, as access is permitted or denied based upon possession of the required token rather than the identity of the requesting process. Such a design has the dual effects of constraining the powers of privileged users and lowering their exposure to attack by reducing privileges to a token, which is generally easier to protect than an identity.After developing the model, a series of large-scale attack trees were constructed to analyse its security. The attack trees were used to both refine the design of the security model and also evaluate the assertion that the model retains its security properties when under attack by a user who has gained the ability to bypass the security kernel and directly access the secondary storage device. The results of this analysis demonstrate the advantages of applying cryptography to the problem of operating system security and show that the Vaults model is able to maintain its security properties in the face of attacks that are normally excluded 'by assumption' under existing computer security models. Vaults is therefore a novel and comprehensive model for integrating cryptography into the operating system in a manner that improves security, while remaining both flexible and usable." @default.
• W156636394 created "2016-06-24" @default.
• W156636394 creator A5016507603 @default.
• W156636394 date "2009-01-01" @default.
• W156636394 modified "2023-09-26" @default.
• W156636394 title "A cryptographically-based operating system security model that protects against privileged attackers" @default.
• W156636394 cites W14604815 @default.
• W156636394 cites W1482974650 @default.
• W156636394 cites W1504669610 @default.
• W156636394 cites W1505010935 @default.
• W156636394 cites W154231405 @default.
• W156636394 cites W1552671835 @default.
• W156636394 cites W1559155956 @default.
• W156636394 cites W1559498407 @default.
• W156636394 cites W1591302859 @default.
• W156636394 cites W1801030048 @default.
• W156636394 cites W1890449996 @default.
• W156636394 cites W191839766 @default.
• W156636394 cites W1985221117 @default.
• W156636394 cites W1989449504 @default.
• W156636394 cites W2032589423 @default.
• W156636394 cites W2099287006 @default.
• W156636394 cites W2143721427 @default.
• W156636394 cites W2150010995 @default.
• W156636394 cites W2152505375 @default.
• W156636394 cites W2162022335 @default.
• W156636394 cites W2340406763 @default.
• W156636394 cites W2911857293 @default.
• W156636394 cites W2095881341 @default.
• W156636394 hasPublicationYear "2009" @default.
• W156636394 type Work @default.
• W156636394 sameAs 156636394 @default.
• W156636394 citedByCount "0" @default.
• W156636394 crossrefType "dissertation" @default.
• W156636394 hasAuthorship W156636394A5016507603 @default.
• W156636394 hasConcept C103377522 @default.
• W156636394 hasConcept C111919701 @default.
• W156636394 hasConcept C121822524 @default.
• W156636394 hasConcept C140547941 @default.
• W156636394 hasConcept C178489894 @default.
• W156636394 hasConcept C184842701 @default.
• W156636394 hasConcept C195518309 @default.
• W156636394 hasConcept C199360897 @default.
• W156636394 hasConcept C2775892892 @default.
• W156636394 hasConcept C2777810591 @default.
• W156636394 hasConcept C2779960059 @default.
• W156636394 hasConcept C38652104 @default.
• W156636394 hasConcept C41008148 @default.
• W156636394 hasConcept C527821871 @default.
• W156636394 hasConcept C55439883 @default.
• W156636394 hasConcept C79974875 @default.
• W156636394 hasConceptScore W156636394C103377522 @default.
• W156636394 hasConceptScore W156636394C111919701 @default.
• W156636394 hasConceptScore W156636394C121822524 @default.
• W156636394 hasConceptScore W156636394C140547941 @default.
• W156636394 hasConceptScore W156636394C178489894 @default.
• W156636394 hasConceptScore W156636394C184842701 @default.
• W156636394 hasConceptScore W156636394C195518309 @default.
• W156636394 hasConceptScore W156636394C199360897 @default.
• W156636394 hasConceptScore W156636394C2775892892 @default.
• W156636394 hasConceptScore W156636394C2777810591 @default.
• W156636394 hasConceptScore W156636394C2779960059 @default.
• W156636394 hasConceptScore W156636394C38652104 @default.
• W156636394 hasConceptScore W156636394C41008148 @default.
• W156636394 hasConceptScore W156636394C527821871 @default.
• W156636394 hasConceptScore W156636394C55439883 @default.
• W156636394 hasConceptScore W156636394C79974875 @default.
• W156636394 hasLocation W1566363941 @default.
• W156636394 hasOpenAccess W156636394 @default.
• W156636394 hasPrimaryLocation W1566363941 @default.
• W156636394 hasRelatedWork W101406501 @default.
• W156636394 hasRelatedWork W1482801714 @default.
• W156636394 hasRelatedWork W1516211918 @default.
• W156636394 hasRelatedWork W1520224699 @default.
• W156636394 hasRelatedWork W1545917948 @default.
• W156636394 hasRelatedWork W1552121361 @default.
• W156636394 hasRelatedWork W1777729101 @default.
• W156636394 hasRelatedWork W183080438 @default.
• W156636394 hasRelatedWork W1991415656 @default.
• W156636394 hasRelatedWork W200839506 @default.
• W156636394 hasRelatedWork W2101325954 @default.
• W156636394 hasRelatedWork W2923564932 @default.
• W156636394 hasRelatedWork W2952191035 @default.
• W156636394 hasRelatedWork W3143647136 @default.
• W156636394 hasRelatedWork W3203998160 @default.
• W156636394 hasRelatedWork W3331062 @default.
• W156636394 hasRelatedWork W2184119306 @default.
• W156636394 hasRelatedWork W2326470311 @default.
• W156636394 hasRelatedWork W2509336622 @default.
• W156636394 hasRelatedWork W2680206156 @default.
• W156636394 isParatext "false" @default.
• W156636394 isRetracted "false" @default.
• W156636394 magId "156636394" @default.
• W156636394 workType "dissertation" @default.