3. Related Work
① Watson, R. N. M., Anderson, J., Laurie, B., and Kennaway, K. Capsicum: practical capabilities for UNIX. In Proceedings of the 19th USENIX Security Symposium, Washington, DC, August 2010. (Best Student Paper; Most Notable Publication 2011, Cambridge Ring)
② Porras, P. A., Shin, S., Yegneswaran, S., Fong, M. W., Tyson, M., and Gu, G. A Security Enforcement Kernel for OpenFlow Networks. In Proceedings of the ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking (HotSDN), Helsinki, Finland, August 2012.
③ Ben Fadhel, A., Bianculli, D., and Briand, L. GemRBAC-DSL: a High-level Specification Language for Role-based Access Control Policies. In 21st ACM Symposium on Access Control Models and Technologies (SACMAT 2016), June 2016.
④ Williams, C. and Crampton, J. Canonical Completeness in Lattice-Based Languages for Attribute-Based Access Control. In 7th ACM Conference on Data and Application Security and Privacy, ACM Press, 12 Dec 2016.
4. Overview of the Proposed Method and Its Targets
RBAC / Conditional ACL
allow_signal directive / signal access vector
TOMOYO Linux / SELinux
Problem: handling the set of users at login time
Problem: broadcasting a signal to multiple processes while httpd is running
Solution: automatic generation of the authorized-user-set policy by introducing EXCLUDE and INCLUDE directives
Solution: batch generation of the settings for multiple httpd sub-processes by introducing an HTTP directive
TE: Type Enforcement
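As an added illustration of the two generators the table describes (my own example, not code from the slides or from TOMOYO Linux), the block below resolves an INCLUDE/EXCLUDE user-set specification against an account database into one conditional ACL line per authorized uid, and expands an HTTP directive into the allow_signal lines the httpd domain needs to reach its forked workers (same domain) and every exec'd sub-process domain. The directive arguments, the user:/group: selector form and the emitted line formats are assumptions modelled loosely on TOMOYO Linux 1.x domain policy (allow_signal lines and "if task.uid=" conditions); the passwd/group data is constructed.

```python
import re

# Constructed sample account database (not from the page): /etc/passwd and /etc/group lines.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:100:Alice:/home/alice:/bin/bash
bob:x:1001:100:Bob:/home/bob:/bin/bash
guest:x:1002:100:Guest:/home/guest:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
"""
GROUP = """\
staff:x:100:
web:x:33:alice,www-data
"""


def parse_passwd(text):
    """Map user name -> (uid, primary gid)."""
    users = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, _, uid, gid, *_ = line.split(":")
        users[name] = (int(uid), int(gid))
    return users


def parse_group(text):
    """Map group name -> (gid, set of supplementary member names)."""
    groups = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, _, gid, members = line.split(":")
        groups[name] = (int(gid), set(filter(None, members.split(","))))
    return groups


def members_of(selector, users, groups):
    """Resolve an assumed selector 'user:NAME' or 'group:NAME' to a set of uids.
    A group covers its primary members (by gid) and its supplementary members."""
    kind, name = selector.split(":", 1)
    if kind == "user":
        return {users[name][0]}
    if kind == "group":
        gid, extra = groups[name]
        return {uid for n, (uid, g) in users.items() if g == gid or n in extra}
    raise ValueError(f"unknown selector {selector!r}")


def expand_user_set(includes, excludes, users, groups):
    """Authorized set = union of INCLUDE selectors minus union of EXCLUDE selectors."""
    allowed = set().union(*[members_of(s, users, groups) for s in includes])
    denied = set().union(*[members_of(s, users, groups) for s in excludes])
    return sorted(allowed - denied)


def emit_user_acls(acl, uids):
    """One conditional ACL line per authorized uid (assumed 'if task.uid=' condition form)."""
    return [f"{acl} if task.uid={uid}" for uid in uids]


def expand_http(httpd_domain, cgi_programs, signals):
    """Assumed HTTP directive: allow the httpd domain to signal its forked workers
    (which stay in the same domain) and each sub-process domain created by exec."""
    targets = [httpd_domain] + [f"{httpd_domain} {prog}" for prog in cgi_programs]
    return [f"allow_signal {sig} {dom}" for sig in signals for dom in targets]


if __name__ == "__main__":
    users, groups = parse_passwd(PASSWD), parse_group(GROUP)
    uids = expand_user_set(["group:staff", "user:root"], ["user:guest"], users, groups)
    for line in emit_user_acls("allow_read /srv/data/report.txt", uids):
        print(line)
    for line in expand_http("<kernel> /usr/sbin/httpd",
                            ["/usr/lib/cgi-bin/index.cgi", "/usr/lib/cgi-bin/upload.cgi"],
                            [1, 15]):
        print(line)
```

The set-difference step is where the manual work disappears: the policy author names groups and exceptions once, and the generator re-derives the per-uid lines whenever the account database changes, instead of the lines being edited by hand.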
5. Secure OS: DAC and MAC
[Figure: DAC vs. MAC. Under Linux DAC the subject is the user; under SELinux MAC the subject is the process (and user). Object: /etc/passwd.
SELinux security contexts, read as SELinux user : SELinux role : SELinux type
  system_u:object_r:lib_t (object label)
  user_u:user_r:user_t (subject label)
Process-history domains (TOMOYO Linux domain names):
  <kernel> /usr/sbin/sshd /bin/bash
  <kernel> /usr/sbin/sshd /bin/bash /bin/ls
  <kernel> /usr/sbin/sshd /bin/bash /bin/tar
  <kernel> /usr/sbin/sshd /bin/bash /bin/cat
Subject: Process / User]
6. Classification of Inspection Methods
■ Syntax-directed (Syntax Directed Translation)
- This translator consists of a parser (or grammar) with embedded actions that immediately generate output.
Regular expressions, finite automata
ITS4: a static vulnerability scanner for C and C++ code, Computer Security Applications, ACSAC 2002
Chucky: exposing missing checks in source code for vulnerability discovery, CCS 2013
■ Rule-based (Rule Based Translation)
- Rule-based translators use the DSL of a particular rule engine to specify a set of “this goes to that” translation rules.
Transition rules, pushdown automata
Using programmer-written compiler extensions to catch security holes, SSP 2002
Checking system rules using system-specific, programmer-written compiler extensions, OSDI 2000
■ Model-driven (Model Driven Translation)
- From the input model, a translator can emit output directly, build up strings, build up templates (documents with “holes” in them where we can stick values), or build up specialized output objects.
Model checking, concolic execution
MOPS: an infrastructure for examining security properties of software, CCS 2002
KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs, USENIX Sec 2011
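To make the first two categories concrete, here is an added example (mine, not from the slides or from the cited tools) of both styles of check run over a constructed C fragment: a syntax-directed scanner whose regular expression fires an embedded action the moment a risky call is matched, in the spirit of ITS4, and a rule-based checker whose "this goes to that" transition table moves each malloc result from unchecked to checked and reports a use that happens in between, in the spirit of the programmer-written compiler-extension rules. The sample source, the call list and the transition table are constructed; the model-driven category (model checking, concolic execution) needs an explicit program model and is not shown.

```python
import re

# Constructed C fragment (not from the page) with two defects for the checkers to find.
SAMPLE_C = """\
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int handler(const char *input) {
    char buf[64];
    char *copy = malloc(strlen(input) + 1);
    strcpy(copy, input);   /* pointer used before any NULL check */
    char *line = malloc(128);
    if (line == NULL)
        return -1;
    gets(buf);             /* unbounded read into buf */
    line[0] = 0;
    free(copy);
    free(line);
    return 0;
}
"""

# --- Syntax-directed: one regular expression (a finite automaton) with an embedded
# action that emits a finding immediately; no model of the program is built.
RISKY_CALLS = {"gets": "unbounded read", "strcpy": "unbounded copy", "sprintf": "unbounded format"}
CALL_RE = re.compile(r"\b(" + "|".join(RISKY_CALLS) + r")\s*\(")


def syntax_directed(src):
    findings = []
    for lineno, line in enumerate(src.splitlines(), 1):
        for m in CALL_RE.finditer(line):
            findings.append((lineno, m.group(1), RISKY_CALLS[m.group(1)]))
    return findings


# --- Rule-based: a table of transition rules drives a per-variable state machine.
ASSIGN_MALLOC_RE = re.compile(r"\b(?:char|int|void)\s*\*\s*(\w+)\s*=\s*malloc\s*\(")
NULL_CHECK_RE = re.compile(r"\bif\s*\(\s*(?:(\w+)\s*==\s*NULL|!\s*(\w+))\s*\)")
TRANSITIONS = [
    # (state the variable is in, pattern that fires, state it goes to)
    ("new",       ASSIGN_MALLOC_RE, "unchecked"),
    ("unchecked", NULL_CHECK_RE,    "checked"),
]


def rule_based(src):
    state = {}      # variable name -> "unchecked" | "checked" | "reported"
    findings = []
    for lineno, line in enumerate(src.splitlines(), 1):
        touched = set()
        for cur, pattern, nxt in TRANSITIONS:
            m = pattern.search(line)
            if not m:
                continue
            var = next(g for g in m.groups() if g is not None)
            if state.get(var, "new") == cur:
                state[var] = nxt
                touched.add(var)
        # Any mention of a still-unchecked pointer on a line that did not transition it
        # is a use before the NULL check; report each variable once.
        for var, st in list(state.items()):
            if st == "unchecked" and var not in touched and re.search(rf"\b{re.escape(var)}\b", line):
                findings.append((lineno, var, "used before NULL check"))
                state[var] = "reported"
    return findings


if __name__ == "__main__":
    for f in syntax_directed(SAMPLE_C) + rule_based(SAMPLE_C):
        print("line %d: %s (%s)" % f)
```

The contrast is the point of the slide: the syntax-directed scanner knows nothing beyond the current match, so it cannot tell a checked pointer from an unchecked one, while the rule-based checker carries state between lines but only as far as its transition table reaches (here, a check placed after the first use is still missed, because the variable has already been reported).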