mandatory access control
Recently Published Documents


Total documents: 96 (five years: 11)
H-index: 8 (five years: 0)

Electronics ◽  
2021 ◽  
Vol 10 (20) ◽  
pp. 2478
Author(s):  
Chaeho Cho ◽  
Yeonsang Seong ◽  
Yoojae Won

The Windows Embedded operating system (OS) adopts a discretionary access control (DAC)-based policy, but underlying vulnerabilities exist because of external hacker attacks and other factors. In this study, we propose a system that improves the security of the Windows Embedded OS by applying a mandatory access control (MAC) policy in which the access rights of objects, such as files and folders, and subjects’ privileges, such as processes, are compared. We conducted access control tests to verify whether the proposed system could avoid the vulnerabilities of DAC-based systems. Our results indicate that the existing DAC-based security systems could be neutralized if a principal's security policy is removed. However, in the proposed MAC-based Windows Embedded OS, even if the clearance and category values of a subject’s files are given the highest rating, all accesses are automatically denied. Therefore, the execution of all files that were not previously registered on the whitelist was denied, proving that security was improved relative to DAC-based systems.


2021 ◽  
Vol XXVIII (2) ◽  
pp. 67-78
Author(s):  
Marcel Danilescu ◽  
Victor Besliu

In recent decades, the amount of research on access control and user actions in computer systems has increased. Over time, there have been two models of implementing Mandatory Access Control (MAC) policies for government institutions and Discretionary Access Control (DAC) for the business environment, policies that various access control modeling solutions seek to implement. Among the access control modeling solutions developed are Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC), presented in the U.S.A. by the National Institute of Standards and Technology (NIST). In Romania, in 2010, the access control solution based on trust was presented. This paper presents Mandatory Access Control policy modeling using the trust-based access and actions control modeling solution.


2021 ◽  
pp. 41-56
Author(s):  
Vasilii Kozachok ◽  
Alexander Kozachok ◽  
Evgenii Kochetkov ◽  
...  

The purpose of the research is the development of a more advanced Windows NT family access control mechanism to protect against information leakage from memory by hidden channels. The method of research is analysis of Windows NT family models of mandatory access control and integrity control, modeling of access control security policy for specified security properties, and automatic verification of models. The Lamport Temporal Logic of Actions (TLA+) is used to describe the model and its specification. TLA+ allows automatic verification of the model with the specified security properties. The result of the research: the main limitations of the existing mandatory integrity control of operating systems of the Windows NT family were revealed. A set of structures of a multilevel model has been developed, reflecting the attributes that are significant for modeling the process of access of subjects to objects. The key mechanisms of access control in the operating system are modeled: management of users, groups, subjects, objects, roles, rights, discretionary and mandatory access control, and mandatory integrity control (multilevel control of subjects' access to objects). The model defines a mechanism for controlling the creation of subjects based on executable files to organize an isolated software environment. The values of the attributes of the model variables for the initialization stage are determined. The invariants of variable correctness in the process of verification and of safe access of subjects to objects are developed. The model was specified using the TLA+ modeling language and verified.


Author(s):  
R.A. Dorokhin ◽  
O.A. Bezrodnykh ◽  
S.N. Smirnov ◽  
V.A. Maystrenko

The paper considers the task of studying the features of the protection system of the operating system Astra Linux 1.6 SE (hereafter OS Astra 1.6 SE). The basic principles of access control, functional features of protection modules, settings of some configuration files of the operating system, as well as types and features of classification marks are revealed. The result of this work is the proposal for the implementation of the possibility of configuring the basic access control mechanisms without using a graphical shell, the study of the principle of operation of these mechanisms, as well as the use of the features of kernel modules and configuration files for the design of a security system for computer facilities by information protection units. This operating system has a specific feature of the structure of the security system, since it includes mechanisms for mandatory access control, allowing access to be denied or allowed depending on the user's authority. The exchange and processing of information occurs with the use of classification labels, which make it possible to delimit information flows of different mandated contexts. These labels are written in accordance with GOST R 58256-2018 “Information security. Information flow control in the information system. Format of classification marks”. The paper analyzes traffic in different mandated sessions, and also considers the behavior of information flows regarding interaction in a network of computers with the installed OS Astra Linux 1.6 SE and the security system configured on it. In this case, the exchange of data will occur both with users in the same sessions and in different ones that differ between computers.


2020 ◽  
Vol 2020 ◽  
pp. 1-12
Author(s):  
Yan Ding ◽  
Pan Dong ◽  
Zhipeng Li ◽  
Yusong Tan ◽  
Chenlin Huang ◽  
...  

The root privilege escalation attack is extremely destructive to the security of the Android system. SEAndroid implements mandatory access control for the system through the SELinux security policy in kernel mode, making the general root privilege escalation attacks unenforceable. However, malicious attackers can exploit Linux kernel privilege escalation vulnerabilities to modify the SELinux security labels of a process arbitrarily to obtain the desired permissions and undermine system security. Therefore, investigating the protection method of the security labels in the SELinux kernel is urgent. The impact on the existing security configuration of the system must also be reduced. This paper proposes an optimization scheme of the SELinux mechanism based on security label randomization to solve the aforementioned problem. At system runtime, the system randomizes the mapping of the security labels inside and outside the kernel to protect the privileged security labels of the system from illegal obtainment and tampering by attackers. This method is transparent to users; therefore, users do not need to modify the existing system security configuration. A tamper-proof detection method for SELinux security labels is also proposed to further improve the security of the method. It detects and corrects malicious tampering with the security labels of the critical processes of the system in a timely manner. The above methods are implemented in the Linux system, and the effectiveness of the security defense is proven through theoretical analysis and experimental verification. Numerous experiments show that the effect of this method on system performance is less than 1%, and the success probability of a root privilege escalation attack is less than 10⁻⁹.


2020 ◽  
Vol 20 (3) ◽  
pp. 27-33
Author(s):  
D. V. Kuts ◽  
S. V. Porshnev

This article describes the features of the mandatory access control model in unauthorized access data protection tools, which can affect its efficiency. Also, some flaws of unauthorized access data protection tools and possible scenarios of unauthorized access bypassing these tools are analyzed. The countermeasures and methods of their application, eliminating the detected flaws, are offered. The conclusions about the necessity of analyzing the policies of unauthorized access data protection tools and revising their strictness, if necessary, were made.

