Resilient Reference Monitor for Distributed Access Control via Moving Target Defense - Inria - Institut national de recherche en sciences et technologies du numérique
Conference paper, Year: 2017

Resilient Reference Monitor for Distributed Access Control via Moving Target Defense

Dieudonné Mulamba
  • Role: Author
  • PersonId : 885867
Indrajit Ray
  • Role: Author
  • PersonId : 989237

Abstract

Effective access control is dependent not only on the existence of strong policies but also on ensuring that the access control enforcement subsystem is adequately protected. Protecting this subsystem has not been adequately addressed in the literature. In general, it is assumed to be implemented as a reference monitor in a trusted computing base (TCB) that is tamper-proof. However, in distributed access control, ensuring that the TCB security kernel is tamper-proof is not always feasible. It needs to be implemented in software and on platforms that can potentially have vulnerabilities. We posit that allowing the attacker only a very limited opportunity to enumerate exploitable vulnerabilities in the access control subsystem can considerably facilitate its protection. Towards this end, we propose a moving target defense framework for access control in a distributed environment. In this framework, access control is provided by the cooperation of several distributed modules that materialize randomly, announce their services, enforce access control, and then disappear, each to be replaced randomly by another module. As a result, the attacker does not know which process can be targeted to compromise the access control system.
Main file
453481_1_En_2_Chapter.pdf (497.99 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-01684353 , version 1 (15-01-2018)

License

Attribution

Identifiers

Cite

Dieudonné Mulamba, Indrajit Ray. Resilient Reference Monitor for Distributed Access Control via Moving Target Defense. 31st IFIP Annual Conference on Data and Applications Security and Privacy (DBSEC), Jul 2017, Philadelphia, PA, United States. pp.20-40, ⟨10.1007/978-3-319-61176-1_2⟩. ⟨hal-01684353⟩
69 views
112 downloads