Compatible and Usable Mandatory Access Control for Good-enough OS Security

TL;DR

This paper introduces CUMAC, a new mandatory access control model that balances security, compatibility, and usability, aiming to address OS compromise issues with practical effectiveness.

Contribution

CUMAC's novel features include intrusion tracing for better security and automatic detection of compatibility exceptions, enhancing usability and compatibility.

Findings

CUMAC defends against network, mobile disk, and local attacks.

It maintains high compatibility and usability in practical tests.

CUMAC reduces false negatives in intrusion detection.

Abstract

OS compromise is one of the most serious computer security problems today, but still not being resolved. Although people proposed different kinds of methods, they could not be accepted by most users who are non-expert due to the lack of compatibility and usability. In this paper, we introduce a kind of new mandatory access control model, named CUMAC, that aims to achieve good-enough security, high compatibility and usability. It has two novel features. One is access control based on tracing potential intrusion that can reduce false negatives and facilitate security configuration, in order to improve both compatibility and usability; the other is automatically figuring out all of the compatibility exceptions that usually incurs incompatible problems. The experiments performed on the prototype show that CUMAC can defense attacks from network, mobile disk and local untrustable users while keeping good compatibility and usability.