METHOD AND ABSTRACT MODEL FOR CONTROL AND ACCESS RIGHTS BY REQUESTS REDIRECTION
Read the full article
For citation: Koveshnikov M.G., Shcheglov K.A., Shcheglov A.Yu. Method and abstract model for control and access rights by requests redirection. Scientific and Technical Journal of Information Technologies, Mechanics and Optics, 2015, vol. 15, no. 6, pp. 1122–1129.
We have researched implementation problems of control and access rights of subjects to objects in modern computer systems. We have suggested access control method based on objects access requests redirection. The method possesses a distinctive feature as compared to discretional access control. In case when a subject needs to deny writing (object modification), it is not denied but redirected (access rights are not changed, but operation is performed with another object). This gives the possibility to implement access policies to system objects without breaking the system and applications operability, and share correctly access objects between subjects. This important property of suggested access control method enables to solve fundamentally new system objects securing problems like system resources virtualization aimed to protect system objects from users’ and applications attacks. We have created an abstract model, and it shows that this method (access control from subjects to objects based on requests redirection) can be used as self-sufficient access control method, implementing any access control policy (from subjects to objects), thus being an alternative to discretional access control method.
1. Shcheglov AYu. Zashchita Komp'yuternoi Informatsii ot Nesanktsionirovannogo Dostupa [Computer Protection from Unauthorized Access]. St. Petersburg, Nauka i Tekhnika Publ., 2004, 384 p.
2. Sandhu R.S., Coyne E.J., Feinstein H.L., Youman C.E. Computer role-based access control models. Computer, 1996, vol. 29, no. 2, pp. 38–47. doi: 10.1109/2.485845
3. Shcheglov A.J., Shcheglov K.A. Access Control System to Resources of Computer System with Subject of Access "User, Processes". Patent RU2534599, 2014.
4. Shcheglov K.A., Shcheglov A.Yu. Defending against application exploits model of access control. Voprosy Zashchity Informatsii, 2013, no. 2 (101), pp. 36–43. (In Russian)
5. Shcheglov K.A., Shcheglov A.Yu. Defending from malicious applications attacks. Access control models. Voprosy Zashchity Informatsii, 2012, no. 4 (99), pp. 31–36. (In Russian)
6. Shcheglov A.Yu., Shcheglov K.A. System for Controlling Access to Computer System Resources with "Initial User, Effective User, Process" Subject. Patent RU2534488, 2014.
7. Shcheglov A.Yu., Pavlichenko I.P., Kornetov S.V., Shcheglov K.A. Kompleksnaya Sistema Zashchity Informatsii «Pantsir'+» dlya OS Microsoft Windows. Svidetel'stvo o gosudarstvennoi registratsii programmy dlya EVM 2014660889 [Integrated Security System "Carapace+" for MS Windows. Certificate of state registration of the computer program 2014660889], 2014.
8. Shcheglov K.A., Shcheglov A.Yu. Access control to static file objects. Voprosy Zashchity Informatsii, 2012, no. 2 (97), pp. 12–20. (In Russian)
9. Harrison М.A., Ruzzo W.L., Ullman J.D. Protection in operating systems. Communication of the ACM, 1976, vol. 19, no. 8, pp. 461–471. doi: 10.1145/360303.360333
10. Bell D.E., LaPadula L.J. Security Computer Systems: Unified Exposition and MULTICS Interpretation. MITRE Technical Report MTR-2997 Rev. 1. Bedford, Massachusetts, MITRE Corp., 1976, 129 p. Available at: http://csrc.nist.gov/publications/history/bell76.pdf.
11. Biba K.J. Integrity Consideration for Security Computer System. MITRE Technical Report MTR-3153. Bedford, Massachusetts, MITRE Corp., 1975, 61 p. Available at: http://seclab.cs.ucdavis.edu/projects/history/papers/biba75.pdf.
12. Shcheglov K.A., Shcheglov A.Yu. Access control models to newly create file object. Secure system development requirements. Voprosy Zashchity Informatsii, 2013, no. 3(102), pp. 60–67. (In Russian)
13. Shcheglov A.J., Shcheglov K.A. System for Reforming Object in Access Request. Patent RU2538918, 2015.
14. Koveshnikov M.G., Shcheglov K.A., Shcheglov A.Yu. Abstract models for system virtualization. Scientific and Technical Journal of Information Technologies, Mechanics and Optics, 2015, vol.15, no. 3, pp.
483–492. (In Russian) doi: 10.17586/2226-1494-2015-15-3-483-492