Suspicious-Taint-Based Access Control for Protecting OS from Network Attacks
Zhiyong Shan

TL;DR
The paper introduces STBAC, a new access control model that protects the OS against network attacks by tainting and tracking suspicious processes, while maintaining compatibility and performance.
Contribution
It proposes a novel taint-based access control model, STBAC, that is compatible with existing systems, effective against network-based threats, and implemented in Linux.
Findings
STBAC effectively protects vital resources from network attacks.
The model maintains system compatibility and performance.
Implementation in Linux demonstrates practical viability.
Abstract
Today, security threats to operating systems largely come from the network. Traditional discretionary access control mechanisms alone can hardly defeat them. Although traditional mandatory access control models can effectively protect the security of the OS, they have the problems of being incompatible with application software and complex in administration. In this paper, we propose a new model, the Suspicious-Taint-Based Access Control (STBAC) model, for defeating network attacks while being compatible, simple and maintaining good system performance. STBAC regards the processes using Non-Trustable-Communications as the starting points of suspicious taint, traces the activities of the suspiciously tainted processes by taint rules, and forbids the suspiciously tainted processes from illegally accessing vital resources by protection rules. Even in cases where some privileged processes are subverted, STBAC…
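The three parts the abstract names (taint starting points, taint rules, protection rules) can be modelled as a toy reference monitor. This is an added example, not code from the paper or its Linux implementation. Assumptions: the specific taint rules (inheritance on fork, taint carried through files written by tainted processes), the choice to guard writes only, and all names and paths are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Proc:
    name: str
    tainted: bool = False  # the "suspicious taint" flag

class Monitor:
    """Toy reference monitor; rule details are assumptions, not the paper's."""
    def __init__(self, vital):
        self.vital = set(vital)      # resources covered by protection rules
        self.tainted_files = set()   # files written by tainted processes

    def net_io(self, p, trusted):
        # Starting point: a non-trustable communication taints the process.
        if not trusted:
            p.tainted = True

    def fork(self, parent, name):
        # Assumed taint rule: a child inherits its parent's taint.
        return Proc(name, parent.tainted)

    def read(self, p, path):
        # Assumed taint rule: reading a tainted file taints the reader.
        if path in self.tainted_files:
            p.tainted = True

    def write(self, p, path):
        # Protection rule: a tainted process may not modify a vital resource,
        # whatever privilege it holds (privilege is not consulted at all).
        if p.tainted and path in self.vital:
            return False
        if p.tainted:
            self.tainted_files.add(path)  # taint follows the data
        return True

def demo():
    m = Monitor(vital={"/etc/passwd", "/bin/login"})  # constructed sample paths
    httpd = Proc("httpd")
    m.net_io(httpd, trusted=False)       # serves an untrusted connection
    shell = m.fork(httpd, "sh")          # spawned by the tainted server
    out = {"shell_vital": m.write(shell, "/etc/passwd"),
           "shell_tmp": m.write(shell, "/tmp/job")}
    cron = Proc("cron")                  # privileged and initially clean
    out["cron_before"] = m.write(cron, "/etc/passwd")
    m.read(cron, "/tmp/job")             # picks up taint indirectly
    out["cron_after"] = m.write(cron, "/etc/passwd")
    return out
```

The last two results show the case the abstract highlights: a privileged process keeps access to vital resources only until it becomes suspiciously tainted.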
