{"title":"CMCAP","authors":"Theogene Hakiza Bucuti, R. Dantu, Kirill Morozov","doi":"10.1145/3322431.3325414","DOIUrl":null,"url":null,"abstract":"We present CMCAP (context-mapped capabilities), a decentralized mechanism for specifying and enforcing adaptive access control policies for resource-centric security. Policies in CMCAP express runtime constraints defined as containment domains with context-mapped capabilities, and ephemeral sandboxes for dynamically enforcing desired information flow properties while preserving functional correctness for the sandboxed programs. CMCAP is designed to remediate DAC's weakness and address the inflexibility that makes current MAC frameworks impractical to the common user. We use a Linux-based implementation of CMCAP to demonstrate how a program's dynamic profile is used for access control and intrusion prevention.","PeriodicalId":435953,"journal":{"name":"Proceedings of the 24th ACM Symposium on Access Control Models and Technologies","volume":"17 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-05-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"CMCAP\",\"authors\":\"Theogene Hakiza Bucuti, R. Dantu, Kirill Morozov\",\"doi\":\"10.1145/3322431.3325414\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We present CMCAP (context-mapped capabilities), a decentralized mechanism for specifying and enforcing adaptive access control policies for resource-centric security. Policies in CMCAP express runtime constraints defined as containment domains with context-mapped capabilities, and ephemeral sandboxes for dynamically enforcing desired information flow properties while preserving functional correctness for the sandboxed programs. CMCAP is designed to remediate DAC's weakness and address the inflexibility that makes current MAC frameworks impractical to the common user. We use a Linux-based implementation of CMCAP to demonstrate how a program's dynamic profile is used for access control and intrusion prevention.\",\"PeriodicalId\":435953,\"journal\":{\"name\":\"Proceedings of the 24th ACM Symposium on Access Control Models and Technologies\",\"volume\":\"17 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-05-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 24th ACM Symposium on Access Control Models and Technologies\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3322431.3325414\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 24th ACM Symposium on Access Control Models and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3322431.3325414","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
We present CMCAP (context-mapped capabilities), a decentralized mechanism for specifying and enforcing adaptive access control policies for resource-centric security. Policies in CMCAP express runtime constraints defined as containment domains with context-mapped capabilities, and ephemeral sandboxes for dynamically enforcing desired information flow properties while preserving functional correctness for the sandboxed programs. CMCAP is designed to remediate DAC's weakness and address the inflexibility that makes current MAC frameworks impractical to the common user. We use a Linux-based implementation of CMCAP to demonstrate how a program's dynamic profile is used for access control and intrusion prevention.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
