27-09-2010, 11:35 AM
This article is presented by:
Chenjia Wang
Department of Computer Science
Wayne State University
Kevin P. Monaghan
Department of Computer Science
Wayne State University
Weisong Shi
Department of Computer Science
Wayne State University
ABSTRACT
Current access control schemes focus on the user and their rights and privileges relating to the access to both initiating functionality and accessing information. This approach, while appropriate with respect to access control for the user, misses a very important aspect - the software itself. In this paper, we propose HACK, a health-based, adaptive access control scheme, that provides for both the machine and its software to act on behalf of the users during access. Paramount is that the software itself is included as part of the access control determination. The health of software can be determined when the user attempts to create a new process executing that software. HACK checks its own information about the software to determine its health and can also ask neighboring machines on the network running the same software to provide a health status. Lastly, HACK adapts the access control based on the behavior of the software in response to certain events. With the growth of heterogeneity in the mobile computing environment, secure access is becoming more challenging in design.[5] Laptop, notebook, tablet, and pocket computers, and other mobile computing devices, have been widely used in the enterprise environment but the attention paid to the challenge of securing the computing environment is far from enough. Actually, according to the Redefining Personal Computing with Virtual Computing talk given by Professor Lam in 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, 78% use personal computers for work and 43% use work computers for personal use. [3] In the logical perspective, access control decides whether to grant the access right of the object to the principal and in the paper [4], Lampson et al. propose the concepts, protocols and algorithms for access control in distributed systems. 
The security level of the existing access control mechanisms are either lower than the expectation, which causes the existence of potential risk, or extremely higher than it should be, which has seriously limited the privileges of the user. The conventional role-based access control and rule-based access control mechanisms seem to be unqualified to meet the new requirements posed by the mobile computing environment. Even the extended access control mechanisms of them, such as temporal role-based access control (TRBAC) [1] which supports periodic role enabling and disabling and temporal dependencies among such actions, and generalized role-based access control (GRBAC) may alsohave some difficulties to face the challenge. Team-based access control (TBAC) is another access control mechanism and the extension access control mechanism of it, the C-TMAC [2] would collect the contextual information including time of access, the location from which access is requested, the location where the object to be accessed resides, transactionspecific values that dictate special access policies, and so on. However, it does not touch on the key component of the contextual information of the client machine which we believe is the health state of the machine. Under this situation, a new adaptive and secure mechanism for access control is highly demanded. In this paper, we propose HACK, a health-based, adaptive access control scheme. Our approach with HACK is unique in the following ways: we focus on the health of the machines with respect to access control, not the security credentials or privileges of the user; our approach utilizes both a local and community-based check for health, i.e. the status of software is determined not only by the machine running the software but also by its neighboring community; and lastly, our approach is adaptive, i.e. 
events that take place can alter the state of the machine and can dynamically alter the health of software and therefore its access control. Our key contributions are in the detection of malicious software using a hash of the file contents, the determination of software behavior by a community check, and in the adaptive behavior of the machine based on current state and healthy-based access control events. The remainder of the paper is organized as follows. The design of HACK is presented in Section 2. Section 3 describes the implementation of HACK and the performance evaluation is detailed in Section 4. Sections 5 and 6 cover discussion and related work, respectively.
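The three mechanisms the abstract names (a local hash check of the file contents at process creation, a health query to neighboring machines running the same software, and event-driven adaptation of the health score) can be modelled in a few dozen lines. The following Python is an added illustration written for this post, not code from the paper or from the HACK implementation; the equal weighting of local and community health, the 0.6 threshold, the event names and penalties, and the machine and software names are all assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Health penalties per observed event. Event names and weights are constructed
# for this example; the paper's own event model is not reproduced here.
EVENT_PENALTY: Dict[str, float] = {
    "crash": 0.2,               # the process terminated abnormally
    "unexpected_network": 0.3,  # the process opened connections it never did before
    "hash_mismatch": 1.0,       # file contents no longer match the known-good hash
}


def sha256_hex(data: bytes) -> str:
    """Hash of the executable's file contents, the local-check primitive."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class Machine:
    name: str
    # software name -> SHA-256 hex digest of the known-good executable
    known_good: Dict[str, str]
    # software name -> adaptive health score in [0.0, 1.0]; absent means 1.0
    health: Dict[str, float] = field(default_factory=dict)

    def local_health(self, software: str) -> float:
        """Health this machine reports when a neighbour asks about `software`."""
        return self.health.get(software, 1.0)

    def observe_event(self, software: str, event: str) -> float:
        """Adaptive step: an event lowers the software's health, floored at 0.0."""
        penalty = EVENT_PENALTY.get(event, 0.0)
        self.health[software] = max(0.0, self.local_health(software) - penalty)
        return self.health[software]

    def local_check(self, software: str, contents: bytes) -> bool:
        """Local check at process creation: does the file match the known-good hash?"""
        expected = self.known_good.get(software)
        matches = expected is not None and expected == sha256_hex(contents)
        if not matches:
            # A tampered or unknown binary is itself recorded as a health event.
            self.observe_event(software, "hash_mismatch")
        return matches


def community_health(neighbors: List[Machine], software: str) -> float:
    """Community check: mean health reported by neighbours running the same software."""
    if not neighbors:
        return 1.0  # no community to consult; rely on the local view alone
    return sum(n.local_health(software) for n in neighbors) / len(neighbors)


def decide_access(machine: Machine, neighbors: List[Machine], software: str,
                  contents: bytes, threshold: float = 0.6) -> Tuple[bool, str]:
    """Grant or deny process creation for `software` on `machine`.

    The local hash check is a hard veto; otherwise local and community health
    are averaged with equal weights (an assumption) and compared against
    `threshold` (also an assumption).
    """
    if not machine.local_check(software, contents):
        return False, "local hash check failed"
    score = 0.5 * machine.local_health(software) + 0.5 * community_health(neighbors, software)
    if score < threshold:
        return False, f"health score {score:.2f} below threshold {threshold:.2f}"
    return True, f"health score {score:.2f}"


if __name__ == "__main__":
    # Constructed sample data: one known-good binary and three neighbours.
    good = b"constructed demo binary v1"
    laptop = Machine("laptop-1", {"editor": sha256_hex(good)})
    peers = [Machine("peer-a", {}, {"editor": 1.0}),
             Machine("peer-b", {}, {"editor": 0.9}),
             Machine("peer-c", {}, {"editor": 0.5})]
    print(decide_access(laptop, peers, "editor", good))          # granted
    print(decide_access(laptop, peers, "editor", b"tampered"))   # denied: hash mismatch
    fresh = Machine("laptop-2", {"editor": sha256_hex(good)})
    fresh.observe_event("editor", "crash")
    fresh.observe_event("editor", "unexpected_network")
    print(decide_access(fresh, peers, "editor", good))           # still granted
    fresh.observe_event("editor", "crash")
    print(decide_access(fresh, peers, "editor", good))           # denied: score too low
```

Two design points worth noticing: the hash mismatch is both an immediate veto and a recorded event, so a machine that once ran a tampered binary keeps reporting low health to its neighbours; and a healthy local machine can still be denied when the community reports trouble, which is the "not only by the machine running the software but also by its neighboring community" property the abstract describes.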
For more information about this article, please follow the link:
http://docs.googleviewer?a=v&q=cache:691...4lLPlUJwVQ