Secure and Usable Integrity Protection Model for Operating Systems

Abstract

"Host compromise is one of the most serious security problems for operating systems today. Existing integrity protection models for operating systems are difficult to use; on the other hand, the most available integrity protection models only provide heuristic approaches without strong guarantees.

This paper presents SecGuard, a secure and high-available integrity protection model for operating systems. To ensure the security of systems, SecGuard provides formal guarantees that operating systems are security under three threats: network-based threat, IPC communication threat, and contaminative file threat. On the other hand, we introduce some novel mechanisms to ensure high-available of the model. For instance, SecGuard leverages the information of the existing discretionary access control mechanism to initialize integrity labels for subjects and objects in the systems. Moreover, we describe the implementation of SecGuard for Linux using Linux Security Modules framework, and show it has low overhead and effectively achieve security and high-availability for operating systems."