Verifying compliance of trusted programs

Sandra Rueda, Dave King, Trent Jaeger

Research output: Contribution to conferencePaper

9 Scopus citations

Abstract

In this paper, we present an approach for verifying that trusted programs correctly enforce system security goals when deployed. A trusted program is trusted to only perform safe operations despite have the authority to perform unsafe operations; for example, initialization programs, administrative programs, root network daemons, etc. Currently, these programs are trusted without concrete justification. The emergence of tools for building programs that guarantee policy enforcement, such as security-typed languages (STLs), and mandatory access control systems, such as user-level policy servers, finally offers a basis for justifying trust in such programs: we can determine whether these programs can be deployed in compliance with the reference monitor concept. Since program and system policies are defined independently, often using different access control models, compliance for all program deployments may be difficult to achieve in practice, however. We observe that the integrity of trusted programs must dominate the integrity of system data, and use this insight, which we call the PIDSI approach, to infer the relationship between program and system policies, enabling automated compliance verification. We find that the PIDSI approach is consistent with the SELinux reference policy for its trusted programs. As a result, trusted program policies can be designed independently of their target systems, yet still be deployed in a manner that ensures enforcement of system security goals.

Original languageEnglish (US)
Pages321-334
Number of pages14
StatePublished - Jan 1 2008
Event17th USENIX Security Symposium - San Jose, United States
Duration: Jul 28 2008Aug 1 2008

Conference

Conference17th USENIX Security Symposium
CountryUnited States
CitySan Jose
Period7/28/088/1/08

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality

Fingerprint Dive into the research topics of 'Verifying compliance of trusted programs'. Together they form a unique fingerprint.

  • Cite this

    Rueda, S., King, D., & Jaeger, T. (2008). Verifying compliance of trusted programs. 321-334. Paper presented at 17th USENIX Security Symposium, San Jose, United States.