Transforming Commodity Security Policies to Enforce Clark-Wilson Integrity

Modern distributed systems are composed from several off-the-shelf components, including operating systems, virtualization infrastructure, and application packages, upon which some custom application software (e.g., web application) is often deployed. While several commodity systems now include Mandatory Access Control (MAC) enforcement to protect the individual components, the complexity of such MAC policies and the myriad of possible interactions among individual hosts in distributed systems makes it difficult to identify the attack paths available to adversaries. As a result, security practitioners react to vulnerabilities as adversaries uncover them, rather than proactively protecting the system's data integrity.

Provided by: Association for Computing Machinery Topic: Security Date Added: Dec 2012 Format: PDF

Find By Topic