Conferences in Research and Practice in Information Technology
  

Online Version - Last Updated - 20 Jan 2012

 

 

PULSE: a Pluggable User-space Linux Security Environment paper

Murray, A. and Grove, D.

    The discretionary access controls (DAC) employed by traditional operating systems only provide system administrators and users with a loose ability to specify the security policies of the system. In contrast, mandatory access controls (MAC) provide a stronger, finer-grained mechanism for specifying and enforcing system security policies. A related security concept called the principle of least authority (POLA) states that subjects should only have access to the specific resources that they absolutely require to function properly at any given time. Although a number of existing projects (Plash and Polaris) seek to provide POLA implementations, these are not enforced using strong MAC. Conversely, existing MAC implementations (SELinux and AppArmor) do not provide rigorous POLA because they do not provide an effective mechanism for dynamic policy modification based on user preferences. This paper presents our solution to fill this void, called the Pluggable User-space Linux Security Environment (PULSE), which is a MAC-enforced, dynamic, user-level implementation of POLA. Through the use of user-space plug-ins to specify security policy, PULSE provides a high degree of dynamism, flexibility and usability that is not available in existing security architectures.
Cite as: Murray, A. and Grove, D. (2008). PULSE: a Pluggable User-space Linux Security Environment paper. In Proc. Sixth Australasian Information Security Conference (AISC 2008), Wollongong, NSW, Australia. CRPIT, 81. Brankovic, L. and Miller, M., Eds. ACS. 19-25.
 

 

© Copyright Australian Computer Society Inc. 2001-2014.
This page last updated 16 Nov 2007