
Publication


Featured research published by Christian Payne.


Information Systems Journal | 2002

On the security of open source software

Christian Payne

With the rising popularity of so‐called ‘open source’ software there has been increasing interest in both its various benefits and disadvantages. In particular, despite its prominent use in providing many aspects of the Internet's basic infrastructure, many still question the suitability of such software for the commerce‐oriented Internet of the future. This paper evaluates the suitability of open source software with respect to one of the key attributes that tomorrow's Internet will require, namely security. It seeks to present a variety of arguments that have been made, both for and against open source security and analyses in relation to empirical evidence of system security from a previous study. The results represent preliminary quantitative evidence concerning the security issues surrounding the use and development of open source software, in particular relative to traditional proprietary software.


ACM Transactions on Information and System Security | 2011

Empowering End Users to Confine Their Own Applications: The Results of a Usability Study Comparing SELinux, AppArmor, and FBAC-LSM

Z. Cliffe Schreuders; Tanya J. McGill; Christian Payne

Protecting end users from security threats is an extremely difficult, but increasingly critical, problem. Traditional security models that focused on separating users from each other have proven ineffective in an environment of widespread software vulnerabilities and rampant malware. However, alternative approaches that provide more finely grained security generally require greater expertise than typical end users can reasonably be expected to have, and consequently have had limited success. The functionality-based application confinement (FBAC) model is designed to allow end users with limited expertise to assign applications hierarchical and parameterised policy abstractions based upon the functionalities each program is intended to perform. To validate the feasibility of this approach and assess the usability of existing mechanisms, a usability study was conducted comparing an implementation of the FBAC model with the widely used Linux-based SELinux and AppArmor security schemes. The results showed that the functionality-based mechanism enabled end users to effectively control the privileges of their applications with far greater success than widely used alternatives. In particular, policies created using FBAC were more likely to be enforced and exhibited significantly lower risk exposure, while not interfering with the ability of the application to perform its intended task. In addition to the success of the functionality-based approach, the usability study also highlighted a number of limitations and problems with existing mechanisms. These results indicate that a functionality-based approach has significant potential in terms of enabling end users with limited expertise to defend themselves against insecure and malicious software.


Availability, Reliability and Security | 2011

Techniques for Automating Policy Specification for Application-oriented Access Controls

Z. Cliffe Schreuders; Christian Payne; Tanya J. McGill

By managing the authority assigned to each application, rule-based application-oriented access controls can significantly mitigate the threats posed by malicious code due to software vulnerabilities or malware. However, these policies are typically complex and difficult to develop. Learning modes can ease specification, however, they still require high levels of expertise to utilise correctly, and are most suited to confining non-malicious software. This paper presents a novel approach to automating policy specification for rule-based application-oriented access controls. The functionality-based application confinement (FBAC) model provides reusable parameterised abstractions. A number of straightforward yet effective techniques are presented that use these functionality-based abstractions to create application policies a priori, that is, without running programs before policies are specified. These techniques automate the specification of policy details by analysing program dependencies, program management information, and file system contents.


IEEE International Symposium on Policies for Distributed Systems and Networks | 2011

A Policy Language for Abstraction and Automation in Application-Oriented Access Controls: The Functionality-Based Application Confinement Policy Language

Z. Cliffe Schreuders; Christian Payne; Tanya J. McGill

This paper presents a new policy language, known as functionality-based application confinement policy language (FBAC-PL). FBAC-PL takes a unique approach to expressing application-oriented access control policies. Policies for restricting applications are defined in terms of the features applications provide, by means of parameterised and hierarchical policy abstractions known as functionalities. Policies also include metadata for management and the automation of policy specification. The result is a novel scheme for application confinement policy that reuses, encapsulates and abstracts policy details, and facilitates a priori policy specification: that is, without having to rely solely on learning modes for creating policies to restrict applications. This paper presents the policy language, and illustrates its use with examples. A Linux-based implementation, which uses FBAC-PL, has demonstrated that this approach can overcome policy complexity and usability issues of previous schemes.


Computer Software and Applications Conference | 2004

Enhanced security models for operating systems: a cryptographic approach

Christian Payne

Security problems are increasing and, while existing systems are often found lacking, practical problems limit the adoption of more secure trusted systems. This paper describes a new operating system security model called Vaults utilising cryptography to provide dramatically enhanced security over existing systems. This approach provides many of the benefits of trusted system designs, while being more intuitive and applicable to varying security requirements.


International Journal of Information Security | 2013

The functionality-based application confinement model

Z. Cliffe Schreuders; Christian Payne; Tanya J. McGill

This paper presents the functionality-based application confinement (FBAC) access control model. FBAC is an application-oriented access control model, intended to restrict processes to the behaviour that is authorised by end users, administrators, and processes, in order to limit the damage that can be caused by malicious code, due to software vulnerabilities or malware. FBAC is unique in its ability to limit applications to finely grained access control rules based on high-level easy-to-understand reusable policy abstractions, its ability to simultaneously enforce application-oriented security goals of administrators, programs, and end users, its ability to perform dynamic activation and deactivation of logically grouped portions of a process’s authority, its approach to process invocation history and intersection-based privilege propagation, its suitability to policy automation techniques, and in the resulting usability benefits. Central to the model are ‘functionalities’, hierarchical and parameterised policy abstractions, which can represent features that applications provide; ‘confinements’, which can model simultaneous enforcement of multiple sets of policies to enforce a diverse range of types of application restrictions; and ‘applications’, which represent the processes to be confined. The paper defines the model in terms of structure (which is described in five components) and function, and serves as a culmination of our work thus far, reviewing the evaluation of the model that has been conducted to date.


Computers & Security | 2013

The state of the art of application restrictions and sandboxes

Z. Cliffe Schreuders; Tanya J. McGill; Christian Payne


Workshop on Computer Security Architecture | 2007

A cryptographic access control architecture secure against privileged attackers

Christian Payne


International Journal of Information Security and Privacy | 2012

Towards Usable Application-Oriented Access Controls: Qualitative Results from a Usability Study of SELinux, AppArmor and FBAC-LSM

Tanya J. McGill; Z. Cliffe Schreuders; Christian Payne


International Conference on Security and Cryptography | 2008

FUNCTIONALITY-BASED APPLICATION CONFINEMENT - Parameterised Hierarchical Application Restrictions

Z. Cliffe Schreuders; Christian Payne

Collaboration



Top Co-Authors

Hudan Studiawan

Sepuluh Nopember Institute of Technology
