Resilient Reference Monitor for Distributed Access Control via Moving Target Defense - Data and Applications Security and Privacy XXXI
Conference Papers Year : 2017

Resilient Reference Monitor for Distributed Access Control via Moving Target Defense

Dieudonné Mulamba
  • Function : Author
  • PersonId : 885867
Indrajit Ray
  • Function : Author
  • PersonId : 989237

Abstract

Effective access control is dependent not only on the existence of strong policies but also on ensuring that the access control enforcement subsystem is adequately protected. Protecting this subsystem has not been adequately addressed in the literature. In general, it is assumed to be implemented as a reference monitor in a trusted computing base (TCB) that is tamper-proof. However, in distributed access control, ensuring TCB security kernel to be tamper proof is not always feasible. It needs to be implemented in software and on platforms that can potentially have vulnerabilities. We posit that allowing a very limited opportunity to the attacker to enumerate exploitable vulnerabilities in the access control subsystem can considerably facilitate its protection. Towards this end we propose a moving target defense framework for access control in a distributed environment. In this framework, access control is provided by cooperation of several distributed modules that materialize randomly, announce their services, enforce access control and then disappear to be replaced by another module randomly. As a result, the attacker does not know which process can be targeted to compromise the access control system.
Fichier principal
Vignette du fichier
453481_1_En_2_Chapter.pdf (497.99 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01684353 , version 1 (15-01-2018)

Licence

Identifiers

Cite

Dieudonné Mulamba, Indrajit Ray. Resilient Reference Monitor for Distributed Access Control via Moving Target Defense. 31th IFIP Annual Conference on Data and Applications Security and Privacy (DBSEC), Jul 2017, Philadelphia, PA, United States. pp.20-40, ⟨10.1007/978-3-319-61176-1_2⟩. ⟨hal-01684353⟩
83 View
133 Download

Altmetric

Share

More