Abstract
Protecting end users from security threats is an extremely difficult, but increasingly critical, problem. Traditional security models that focused on separating users from each other have proven ineffective in an environment of widespread software vulnerabilities and rampant malware. However, alternative approaches that provide more finely grained security generally require greater expertise than typical end users can reasonably be expected to have, and consequently have had limited success.
The functionality-based application confinement (FBAC) model is designed to allow end users with limited expertise to assign applications hierarchical and parameterised policy abstractions based upon the functionalities each program is intended to perform. To validate the feasibility of this approach and assess the usability of existing mechanisms, a usability study was conducted comparing an implementation of the FBAC model with the widely used Linux-based SELinux and AppArmor security schemes. The results showed that the functionality-based mechanism enabled end users to effectively control the privileges of their applications with far greater success than widely used alternatives. In particular, policies created using FBAC were more likely to be enforced and exhibited significantly lower risk exposure, while not interfering with the ability of the application to perform its intended task. In addition to the success of the functionality-based approach, the usability study also highlighted a number of limitations and problems with existing mechanisms. These results indicate that a functionality-based approach has significant potential in terms of enabling end users with limited expertise to defend themselves against insecure and malicious software.
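The abstract describes the FBAC idea at a high level: instead of writing low-level rules, the user assigns an application a few functionalities (for example "web browser"), each of which may take parameters (such as the download directory) and is itself composed hierarchically from smaller functionalities, and the resulting set of concrete privileges is what gets enforced. The following Python is an added, constructed toy model of that idea for illustration only; it is not FBAC-LSM code and does not use FBAC-PL syntax, and every functionality name, parameter name and privilege in it is invented for the example.

```python
"""Toy model of hierarchical, parameterised functionality abstractions.

Constructed illustration only: not FBAC-LSM code, not FBAC-PL syntax.
The functionality names, parameters and privileges below are made up.
"""
import os
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Privilege:
    op: str      # "read", "write" or "connect"
    target: str  # glob over a filesystem path or a host:port pair


# name -> (parameter names, privilege templates, child bindings)
REGISTRY = {}


def define(name, params=(), privileges=(), children=()):
    """Register a functionality. Templates use {param} placeholders; a child
    binding maps the child's parameters onto this functionality's parameters
    or literal values, so parameters flow down the hierarchy."""
    REGISTRY[name] = (tuple(params), list(privileges), list(children))


# Low-level functionalities (hypothetical).
define("Read_Files", params=("dir",), privileges=[("read", "{dir}/*")])
define("Write_Files", params=("dir",), privileges=[("write", "{dir}/*")])
define("HTTP_Client", privileges=[("connect", "*:80"), ("connect", "*:443")])
define("Load_Shared_Libraries", privileges=[("read", "/usr/lib/*")])

# A higher-level functionality composed from the ones above; the end user
# only supplies the one parameter it exposes (download_dir).
define("Web_Browser", params=("download_dir",),
       children=[("HTTP_Client", {}),
                 ("Load_Shared_Libraries", {}),
                 ("Write_Files", {"dir": "{download_dir}"})])


def expand(name, args):
    """Recursively expand a functionality into concrete privileges."""
    params, templates, children = REGISTRY[name]
    missing = set(params) - set(args)
    if missing:
        raise ValueError(f"{name} needs parameter(s): {sorted(missing)}")
    privs = {Privilege(op, tmpl.format(**args)) for op, tmpl in templates}
    for child, binding in children:
        child_args = {k: v.format(**args) for k, v in binding.items()}
        privs |= expand(child, child_args)
    return privs


def confine(assignments):
    """Build an application's policy from (functionality, args) assignments."""
    policy = set()
    for name, args in assignments:
        policy |= expand(name, args)
    return policy


def permitted(policy, op, target):
    """Enforcement check. Filesystem targets are normalised first so that a
    '..' component cannot escape a directory the policy granted."""
    if target.startswith("/"):
        target = os.path.normpath(target)
    return any(p.op == op and fnmatchcase(target, p.target) for p in policy)


if __name__ == "__main__":
    browser = confine([("Web_Browser", {"download_dir": "/home/alice/Downloads"})])
    for p in sorted(browser, key=lambda p: (p.op, p.target)):
        print(f"allow {p.op:8} {p.target}")
    print(permitted(browser, "write", "/home/alice/Downloads/report.pdf"))  # True
    print(permitted(browser, "write", "/home/alice/.ssh/id_rsa"))           # False
```

The point the toy makes is the one the abstract argues for: the user decides at the level of "this program is a web browser that downloads to this directory", while the enforced policy is the expanded set of low-level privileges, so a file outside the granted directory or a connection to an unrelated port is denied without the user ever having written a path or port rule.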
Empowering End Users to Confine Their Own Applications: The Results of a Usability Study Comparing SELinux, AppArmor, and FBAC-LSM