Abou this letter This is my first intent of paper, it was rejected and the following is the email sent to me explaining the reasons. -----Original Message----- From: oak6-pc-chairs@icir.org [mailto:oak6-pc-chairs@icir.org] Sent: Tuesday, January 24, 2006 1:47 AM


9 Δεκ 2013 (πριν από 3 χρόνια και 7 μήνες)

85 εμφανίσεις

Abou this letter

This is my first intent of paper, it was rejected and the following is
the email sent to me explaining the reasons.

Original Message

From: oak6
chairs@icir.org [mailto:oak6

Sent: Tuesday, January 24, 200
6 1:47 AM

To: Zepeda, Herbey

Cc: oak6

Subject: Your IEEE S&P 2006 Submission (Number 203)

Dear Herbey Zepeda:

We're sorry to inform you that the following submission was not
selected by the program committee to appear at IEEE S&P 2006

Unifying Policy and Access Decision in User and Kernel


The selection process was highly competitive, with 32 papers chosen out
of 251 submitted. We've enclosed referee reports for your paper; we
hope that these prove of benefit
as you further pursue this work.

We thank you for your interest in S&P 2006 and hope you will be able to
attend the conference this May in Oakland, California.

Best Regards,

Vern Paxson and Birgit Pfitzmann

Program co
chairs, IEEE S&P 2006


2006 IEEE S&P 2006 Reviews for Submission #203

Title: Unifying Policy and Access Decision in User and Kernel Spa

Authors: Herbey Zepeda, Eric Freudenthal




Detailed Comments


The paper discusses the problem of different access control mechanism

an operating system kernel and in applications. Managing those
different mechanism may be a nightmare since an administrator needs to
consider the different semantics of the access control systems. As an
example the paper mentions the access control polic
y enforced by a
Linux kernel with the SELinux security and the access control performed
by a Java Security framework. Their suggestion is to define a common
framework for access control that can be used by both applications and
an OS kernel. Their proposed

solution is presented only as a high level
outline suggesting to define some "kernel interfaces" to use the
SELinux kernel module without going into any detail what this implies.

The authors neglect a general problem with such an approach: To serve
as a
general framework for access control the access control system
needs to abstract from the objects that are subject to access control.
Object manager need to be able to "define" object classes and
individual objects to the access control system and then ca
ll the
access control function in order to check for access control. There are
several commercial implementations of such general access control
systems that can be used by an OS as well as by applications. Examples
are Tivoli Access Manager and IBM access

control system for their
mainframe system (RACF). Those products exist since many years and
perform the function the authors claim are required. So, there is
nothing new with the proposal in the paper.








This submission is more in the nature of a proposal rather than a
finished paper. The fundamental idea is that it by unifying application
level and OS
level access contr
ols, access control policy and
management could be simplified, leading to simpler administration and
fewer mistakes. The idea is pursued in the context of SE
Linux at the
OS level and Java programs at the application level. One might debate
whether "unif
y and simplify" is better than "divide and conquer". It
certainly would seem beneficial to provide a straightforward linkage
between the security abstractions of the application and operating
system layers. The question is perhaps whether the unified syste
m will
in fact be simpler or whether it will cloak complexity, and potentially
security flaws, that remain. That may be an interesting discussion to
have when the this work has progressed further.





Detailed Comme


This paper attempts to unify the Java security architecture with
SELinux's Type Enforcement, by using the SELinux mechanisms to enforce
the Java policies. While a worthy goal
, the paper fails to provide any
details about how this is actually accomplished. I would recommend the
submission of a full paper when the research is mature.

The author(s) might want to look at Wallach, et al's work on Security
Passing Style.