%0 Conference Proceedings
%T Resilient Reference Monitor for Distributed Access Control via Moving Target Defense
%+ Colorado State University [Fort Collins] (CSU)
%A Mulamba, Dieudonné
%A Ray, Indrajit
%Z Part 1: Access Control
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 31th IFIP Annual Conference on Data and Applications Security and Privacy (DBSEC)
%C Philadelphia, PA, United States
%Y Giovanni Livraga
%Y Sencun Zhu
%I Springer International Publishing
%3 Data and Applications Security and Privacy XXXI
%V LNCS-10359
%P 20-40
%8 2017-07-19
%D 2017
%R 10.1007/978-3-319-61176-1_2
%Z Computer Science [cs]Conference papers
%X Effective access control is dependent not only on the existence of strong policies but also on ensuring that the access control enforcement subsystem is adequately protected. Protecting this subsystem has not been adequately addressed in the literature. In general, it is assumed to be implemented as a reference monitor in a trusted computing base (TCB) that is tamper-proof. However, in distributed access control, ensuring TCB security kernel to be tamper proof is not always feasible. It needs to be implemented in software and on platforms that can potentially have vulnerabilities. We posit that allowing a very limited opportunity to the attacker to enumerate exploitable vulnerabilities in the access control subsystem can considerably facilitate its protection. Towards this end we propose a moving target defense framework for access control in a distributed environment. In this framework, access control is provided by cooperation of several distributed modules that materialize randomly, announce their services, enforce access control and then disappear to be replaced by another module randomly. As a result, the attacker does not know which process can be targeted to compromise the access control system.
%G English
%Z TC 11
%Z WG 11.3
%2 https://inria.hal.science/hal-01684353/document
%2 https://inria.hal.science/hal-01684353/file/453481_1_En_2_Chapter.pdf
%L hal-01684353
%U https://inria.hal.science/hal-01684353
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC11
%~ IFIP-WG11-3
%~ IFIP-DBSEC
%~ IFIP-LNCS-10359