Skip to Main content Skip to Navigation
Conference papers

Resilient Reference Monitor for Distributed Access Control via Moving Target Defense

Abstract : Effective access control is dependent not only on the existence of strong policies but also on ensuring that the access control enforcement subsystem is adequately protected. Protecting this subsystem has not been adequately addressed in the literature. In general, it is assumed to be implemented as a reference monitor in a trusted computing base (TCB) that is tamper-proof. However, in distributed access control, ensuring TCB security kernel to be tamper proof is not always feasible. It needs to be implemented in software and on platforms that can potentially have vulnerabilities. We posit that allowing a very limited opportunity to the attacker to enumerate exploitable vulnerabilities in the access control subsystem can considerably facilitate its protection. Towards this end we propose a moving target defense framework for access control in a distributed environment. In this framework, access control is provided by cooperation of several distributed modules that materialize randomly, announce their services, enforce access control and then disappear to be replaced by another module randomly. As a result, the attacker does not know which process can be targeted to compromise the access control system.
Document type :
Conference papers
Complete list of metadata

Cited literature [49 references]  Display  Hide  Download

https://hal.inria.fr/hal-01684353
Contributor : Hal Ifip <>
Submitted on : Monday, January 15, 2018 - 2:07:11 PM
Last modification on : Monday, January 15, 2018 - 2:11:13 PM
Long-term archiving on: : Saturday, May 5, 2018 - 5:23:18 PM

File

453481_1_En_2_Chapter.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Dieudonné Mulamba, Indrajit Ray. Resilient Reference Monitor for Distributed Access Control via Moving Target Defense. 31th IFIP Annual Conference on Data and Applications Security and Privacy (DBSEC), Jul 2017, Philadelphia, PA, United States. pp.20-40, ⟨10.1007/978-3-319-61176-1_2⟩. ⟨hal-01684353⟩

Share

Metrics

Record views

164

Files downloads

125