In Guards We Trust: Security and Privacy in Operating Systems Revisited

Hanspach, Michael; Keller, Jörg

doi:10.1109/socialcom.2013.87

Cited by 5 publications

(3 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In particular, we state some preliminary definitions of risk and security needed to form a collaboration system for risk mitigation, which is expected to rely on several security aspects [9], such as accountability or authentication and access control mechanisms [10]. For systems in which unknown users may enter, the concept of trust is usually used to monitor users behavior along time [11].…”

Section: Framing Data Structuresmentioning

confidence: 99%

A web-based cooperative tool for risk management with adaptive security

Fugini

Teimourikia

Hadjichristofi

2016

Future Generation Computer Systems

View full text Add to dashboard Cite

Risk management can benefit from Web-based tools fostering actions for treating risks in an environment, while having several individuals collaborating to face the endeavors related to risks. During the intervention, the security rules in place to preserve resources from unauthorized access, might need to be modified on the fly, e.g., increasing the privileges of risk managers or letting rescue teams view the exact position of the victims. Modifications should respect the overall security policies and avoid security conflicts. This paper presents a dynamic access control model for environmental risks involving physical resources. Data structures included in our Web application to represent both risk and security are given. To keep the dynamic security rules compliant with overall organization security objectives, we consider rules grouped in Access Control Domains so that changes do not create security conflicts during collaboration in risk management. Considering work environments as an example, risk and access control models are introduced. Security is built on the ABAC (Attribute Based Access Control) paradigm. A Risk Management System (RMS) is illustrated: it captures events, signals potential risks, and outputs strategies to prevent the risk. Dynamic authorization is included in the RMS to vary subjects' privileges on physical resources based on risk level, people position and so on. These concepts are implemented in a prototype Web application appearing as a Web Dashboard for risk management

show abstract

Section: Framing Data Structuresmentioning

confidence: 99%

A web-based cooperative tool for risk management with adaptive security

Fugini

Teimourikia

Hadjichristofi

2016

Future Generation Computer Systems

View full text Add to dashboard Cite

show abstract

“…To ensure that audio filtering is always-invoked in audio input and output, the access control policy of the component-based operating system needs to enforce that audio input and output devices can only be accessed via the audio guard. More details on the concept of an audio filtering guard are provided by Hanspach and Keller [17].…”

Section: Countermeasures Against Information Leaks From Covert Nementioning

confidence: 99%

On Covert Acoustical Mesh Networks in Air

Hanspach

Goetz

2013

JCM

Self Cite

123

View full text Add to dashboard Cite

Abstract-Covert channels can be used to circumvent system and network policies by establishing communications that have not been considered in the design of the computing system. We construct a covert channel between different computing systems that utilizes audio modulation/demodulation to exchange data between the computing systems over the air medium. The underlying network stack is based on a communication system that was originally designed for robust underwater communication. We adapt the communication system to implement covert and stealthy communications by utilizing the ultrasonic frequency range. We further demonstrate how the scenario of covert acoustical communication over the air medium can be extended to multi-hop communications and even to wireless mesh networks. A covert acoustical mesh network can be conceived as a meshed botnet or malnet that is accessible via inaudible audio transmissions. Different applications of covert acoustical mesh networks are presented, including the use for remote keylogging over multiple hops. It is shown that the concept of a covert acoustical mesh network renders many conventional security concepts useless, as acoustical communications are usually not considered. Finally, countermeasures against covert acoustical mesh networks are discussed, including the use of lowpass filtering in computing systems and a host-based intrusion detection system for analyzing audio input and output in order to detect any irregularities.

show abstract

“…Finally, exploiting illegitimate access to components would be a special case of a flawed system policy, where a policy circumvents an operating system guard g k that protects access to a component c k , managing a shared resource, and allows pi and pi to exchange messages via c k . The use of operating system guards to handle shared resources to protect applications from untrusted components has been described by Payne et al [29], Robinson et al [31,32], Heckman et al [15], and Hanspach and Keller [13].…”

Section: Related Workmentioning

confidence: 99%

A Taxonomy for Attack Patterns on Information Flows in Component-Based Operating Systems

Hanspach¹,

Keller²

2014

Preprint

Self Cite

View full text Add to dashboard Cite

We present a taxonomy and an algebra for attack patterns on component-based operating systems. In a multilevel security scenario, where isolation of partitions containing data at different security classifications is the primary security goal and security breaches are mainly defined as undesired disclosure or modification of classified data, strict control of information flows is the ultimate goal. In order to prevent undesired information flows, we provide a classification of information flow types in a component-based operating system and, by this, possible patterns to attack the system. The systematic consideration of informations flows reveals a specific type of operating system covert channel, the covert physical channel, which connects two former isolated partitions by emitting physical signals into the computer's environment and receiving them at another interface.

show abstract

In Guards We Trust: Security and Privacy in Operating Systems Revisited

Cited by 5 publications

References 24 publications

A web-based cooperative tool for risk management with adaptive security

A web-based cooperative tool for risk management with adaptive security

On Covert Acoustical Mesh Networks in Air

A Taxonomy for Attack Patterns on Information Flows in Component-Based Operating Systems

Contact Info

Product

Resources

About