Access control policy management is an increasingly hard problem from both the security point of view and the verification point of view. SELinux is a Linux Security Module (LSM) implementing a mandatory access control mechanism. SELinux integrates user identity, roles, and type security attributes for stating rules in security policies. As SELinux policies are developed and maintained by secur...

Efficient Mandatory Access Control of Virtual Machines remains an open problem for protecting efficiently Cloud Systems. For example, the MAC protection must allow some information flows between two virtual machines while preventing other information flows between those two machines. For solving these problems, the virtual environment must guarantee an in-depth protection in order to control th...

Modern web applications are conglomerations of JavaScript written by multiple authors: application developers routinely incorporate code from third-party libraries, and mashup applications synthesize data and code hosted at different sites. In current browsers, a web application’s developer and user must trust third-party code in libraries not to leak the user’s sensitive information from withi...

The event-condition-action paradigm (also known as triggers or rules) is a powerful technology. It gives a database “active” capabilities – the ability to react automatically to changes in the database or in the environment. One potential use of this technology is in the area of multilevel secure (MLS) data processing, such as, military, where the subjects and objects are classified into differ...

One way of enforcing a mandatory access control policy is to use a static type system capable of guaranteeing a non-interference property. Non-interference requires that two processes with distinct “high”-level components, but common “low”-level structure, cannot be distinguished by “low”-level observers. We state this property in terms of a rather strict notion of process equivalence, namely w...

This model presents a multi-level secure (MLS) database using object-oriented technology. The model is based on, and extends the requirements of the Department of Defense 5200.28-STD, DoD Trusted Computer System Evaluation Criteria (TCSEC) dated December 1985, commonly known as the Orange Book. Currently, there does not exist a database model in any technology which meets the requirements of th...

The relationship between users and resources is dynamic in the cloud, and service providers and users are typically not in the same security domain. Identity-based security (e.g., discretionary or mandatory access control models) cannot be used in an open cloud computing environment, where each resource node may not be familiar, or even do not know each other. Users are normally identified by t...

Using the mandatory adoption of International Financial Reporting Standards (IFRS) as an exogenous improvement to mandatory financial reporting, we document evidence supporting a complementary effect between mandatory and voluntary disclosures. We find that firms in countries that adopted IFRS in 2005 experience an increase in both the likelihood and frequency of management earnings forecasts r...

In the past, Mandatory Access Control (MAC) systems have used very rigid policies that were implemented in particular protocols and platforms. As MAC systems become more widely deployed, additional flexibility in mechanism and policy will be required. While traditional trusted systems implemented Multi-Level Security (MLS) and integrity models, modern systems have expanded to include such techn...

With today's prevalence of Internet-connected systems storing sensitive data and the omnipresent threat of technically skilled malicious users, computer security remains a critically important field. Because of today's multitude of vulnerable systems and security threats, it is vital that computer science students be taught techniques for programming secure systems, especially since many of the...