Conference paper Open Access

An approach to Separation of Duties validation for MILS security configurations

Kort, Semen; Kulagin, Dimitry; Rudina, Ekaterina


MARC21 XML Export

<?xml version='1.0' encoding='UTF-8'?>
<record xmlns="http://www.loc.gov/MARC21/slim">
  <leader>00000nam##2200000uu#4500</leader>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">security system</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">security policy</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">security configuration</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">separation of duties</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">validation</subfield>
  </datafield>
  <controlfield tag="005">20200120151626.0</controlfield>
  <controlfield tag="001">571156</controlfield>
  <datafield tag="711" ind1=" " ind2=" ">
    <subfield code="d">14 March 2017</subfield>
    <subfield code="a">International Workshop on MILS: Architecture and Assurance for Secure Systems</subfield>
    <subfield code="c">Nuremberg, Germany</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Kaspersky Lab</subfield>
    <subfield code="a">Kulagin, Dimitry</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Kaspersky Lab</subfield>
    <subfield code="a">Rudina, Ekaterina</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2=" ">
    <subfield code="s">247497</subfield>
    <subfield code="z">md5:2af69b99556552cdc9e9a30014e432a0</subfield>
    <subfield code="u">https://zenodo.org/record/571156/files/Kort2017approach.pdf</subfield>
  </datafield>
  <datafield tag="542" ind1=" " ind2=" ">
    <subfield code="l">open</subfield>
  </datafield>
  <datafield tag="260" ind1=" " ind2=" ">
    <subfield code="c">2017-03-14</subfield>
  </datafield>
  <datafield tag="909" ind1="C" ind2="O">
    <subfield code="p">openaire</subfield>
    <subfield code="p">user-mils</subfield>
    <subfield code="o">oai:zenodo.org:571156</subfield>
  </datafield>
  <datafield tag="100" ind1=" " ind2=" ">
    <subfield code="u">Kaspersky Lab</subfield>
    <subfield code="a">Kort, Semen</subfield>
  </datafield>
  <datafield tag="245" ind1=" " ind2=" ">
    <subfield code="a">An approach to Separation of Duties validation for MILS security configurations</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">user-mils</subfield>
  </datafield>
  <datafield tag="540" ind1=" " ind2=" ">
    <subfield code="u">https://creativecommons.org/licenses/by/4.0/legalcode</subfield>
    <subfield code="a">Creative Commons Attribution 4.0 International</subfield>
  </datafield>
  <datafield tag="650" ind1="1" ind2="7">
    <subfield code="a">cc-by</subfield>
    <subfield code="2">opendefinition.org</subfield>
  </datafield>
  <datafield tag="520" ind1=" " ind2=" ">
    <subfield code="a">&lt;p&gt;Separation of duties (SoD) is an important concept aimed to constrain the excessive powers of subjects regarding system assets and control functions. Ensuring the fact that SoD is properly implemented for the particular task may require the individual approach in every given case.&lt;br&gt;
This paper proposes an approach to SoD validation conducted by the analysis of the security configuration of MILS-based solution. The security policy based on object capabilities is considered for this purpose. For this security policy two basic issues should be met. The first issue is the enough expressivity of the security policy. It is addressed with demonstration of particular examples of usage scenarios. The second issue regards the conditions under which the security problem remains tractable. Solving this issue in context of specifically defined SoD criteria is at the core of this research.&lt;br&gt;
The approach is implemented for the security configurations of Kaspersky Security System.&lt;/p&gt;</subfield>
  </datafield>
  <datafield tag="773" ind1=" " ind2=" ">
    <subfield code="n">doi</subfield>
    <subfield code="i">isSupplementedBy</subfield>
    <subfield code="a">10.5281/zenodo.571157</subfield>
  </datafield>
  <datafield tag="024" ind1=" " ind2=" ">
    <subfield code="a">10.5281/zenodo.571156</subfield>
    <subfield code="2">doi</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">publication</subfield>
    <subfield code="b">conferencepaper</subfield>
  </datafield>
</record>
50
32
views
downloads
All versions This version
Views 5050
Downloads 3232
Data volume 7.9 MB7.9 MB
Unique views 4545
Unique downloads 3030

Share

Cite as