Publication


Featured research published by Yoshiki Sameshima.


Computer Communications | 1997

Authorization with security attributes and privilege delegation

Yoshiki Sameshima; Peter T. Kirstein

This paper focuses on authorization in distributed environments; the typical authorization scheme employs access control lists, however, the scheme has problems when it is applied to a large-scale network. We introduce a new authorization scheme, compare it with the old scheme, and present an implementation of an information server which adopts the new scheme. As a part of authorization, delegation of privileges is important, however, current delegation mechanisms have problems when the delegation crosses a boundary of security domains. We propose a solution which refers to security information of other security domains through a directory service.


Journal of Information Processing | 2010

SELinux Security Policy Configuration System with Higher Level Language

Yuichi Nakamura; Yoshiki Sameshima; Toshihiro Yamauchi

Security policy for SELinux is usually created by customizing a sample policy called refpolicy. However, describing and verifying security policy configurations is difficult because in refpolicy, there are more than 100,000 lines of configurations, thousands of elements such as permissions, macros and labels. The memory footprint of refpolicy, which is around 5MB, is also a problem for resource constrained devices. We propose a security policy configuration system SEEdit which facilitates creating security policy by a higher level language called SPDL and SPDL tools. SPDL reduces the number of permissions by integrated permissions and removes label configurations. SPDL tools generate security policy configurations from access logs and tool users' knowledge about applications. Experimental results on an embedded system and a PC system show that practical security policies are created by SEEdit, i.e., describing configurations is semiautomated, created security policies are composed of less than 500 lines of configurations, 100 configuration elements, and the memory footprint in the embedded system is less than 500KB.


ISW '97 Proceedings of the First International Workshop on Information Security | 1997

A Key Escrow System of the RSA Cryptosystem

Yoshiki Sameshima

This paper focuses on a key escrow system of the RSA cryptosystem that protects user privacy with the following properties: (1) neither investigation agency nor key escrow agent accesses private key of user directly, (2) investigation agency can decrypt user data of restricted time period and communication entities, and (3) split private keys of user are deposited correctly in multiple key escrow agents without any information leakage of the private key with help of a zero-knowledge interactive protocol. The security of the whole system is discussed as well as the performance of the zero-knowledge interactive protocol.


Proceedings of IFIP/IEEE International Conference on Distributed Platforms | 1996

Security architecture based on secret key and privilege attribute certificates

Yoshiki Sameshima

An authentication server which employs the secret-key cryptography holds the secret keys of user clients and application servers in a local database, and this leads to attacks on the database, key propagation from a master server to slave servers and the management from a remote console. The situation of a privilege attribute server is the same. In order to solve the problems the author introduces secret key certificate and privilege attribute certificate, which can be handled the same as the public key certificate. The certificates can be used not only for authentication and privilege attribute services but also delegation of privilege and messaging system.


Journal of Information Processing | 2015

Reducing Resource Consumption of SELinux for Embedded Systems with Contributions to Open-Source Ecosystems

Yuichi Nakamura; Yoshiki Sameshima; Toshihiro Yamauchi

Security-Enhanced Linux (SELinux) is a useful countermeasure for resisting security threats to embedded systems, because of its effectiveness against zero-day attacks. Furthermore, it can generally mitigate attacks without the application of security patches. However, the combined resource requirements of the SELinux kernel, userland, and the security policy reduce the performance of resource-constrained embedded systems. SELinux requires tuning, and modified code should be provided to the open-source software (OSS) community to receive value from its ecosystem. In this paper, we propose an embedded SELinux with reduced resource requirements, using code modifications that are acceptable to the OSS community. Resource usage is reduced by employing three techniques. First, the Linux kernel is tuned to reduce CPU overhead and memory usage. Second, unnecessary code is removed from userland libraries and commands. Third, security policy size is reduced with a policy-writing tool. To facilitate acceptance by the OSS community, build flags can be used to bypass modified code, such that it will not affect existing features; moreover, side effects of the modified code are carefully measured. Embedded SELinux is evaluated using an evaluation board targeted for M2M gateway, and benchmark results show that its read/write overhead is almost negligible. SELinux’s file space requirements are approximately 200 Kbytes, and memory usage is approximately 500 Kbytes; these account for approximately 1% of the evaluation board’s respective flash ROM and RAM capacity. Moreover, the modifications did not result in any adverse side effects. The modified code was submitted to the OSS community along with the evaluation results, and was successfully merged into the community code.


International Conference on Industrial Informatics | 2010

WriteShield: A pseudo thin-client system for prevention of information leakage

Yasuhiro Kirihata; Yoshiki Sameshima; Takashi Onoyama

While thin-client systems are diffusing as an effective security method in enterprises and organizations, they still have several issues on usability, operation and cost of introduction. Over the WAN environment, network latency causes slow response of the GUI operation and scarce frame rate for movie playing. In addition, inflexible copy prohibition to the external media interferes with the actual business operations. Server-side system integration causes expensive cost of installation and it raises threshold for the large-scale introduction. In this paper, we propose WriteShield, a pseudo thin-client system which solves the above issues. In this system, the local disks are write-protected and the location of data store is restricted to the central file servers. It realizes no data store in local clients, similar to the thin-client system. Since it takes a purely software-based simple approach, it does not require the hardware enhancement of network and servers. The cost of introduction is lower than conventional thin-client systems. This paper presents design and implementation details of WriteShield and evaluates it from the perspectives of usability, operation, cost and security. Besides, we measure the disk I/O performance to verify its feasibility in the actual environment.


Archive | 2009

Information backup/restoration processing apparatus and information backup/restoration processing system

Yasuhiro Kirihata; Kouichi Gondou; Yoshiki Sameshima; Toru Hashimoto


USENIX Large Installation Systems Administration Conference | 2009

SEEdit: SELinux security policy configuration system with higher level language

Yuichi Nakamura; Yoshiki Sameshima; Toshihiro Tabata


Archive | 2009

Information backup/restoring apparatus and information backup/restoring system

Yasuhiro Kirihata; Kouichi Gondou; Yoshiki Sameshima; Toru Hashimoto


The Transactions of the Institute of Electrical Engineers of Japan. C | 2012

WriteShield: A Pseudo Thin Client for Prevention of Information Leakage (Special Issue: System Technologies Adapting to a Diverse Information Society)

Yasuhiro Kirihata; Yoshiki Sameshima; Takashi Onoyama; Norihisa Komoda

Collaboration


Top Co-Authors

Tsutomu Matsumoto

Yokohama National University
