Android is a modern and popular software platform for smartphones. Among its predominant features is an advanced security model which is based on application-oriented mandatory access control and sandboxing. This allows developers and users to restrict the execution of an application to the privileges it has (mandatorily) assigned at installation time. The exploitation of vulnerabilities in pro...

With today's prevalence of Internet-connected systems storing sensitive data and the omnipresent threat of technically skilled malicious users, computer security remains a critically important field. Because of today's multitude of vulnerable systems and security threats, it is vital that computer science students be taught techniques for programming secure systems, especially since many of the...

Cloud computing is an emerging, on-demand and internetbased technology. It provides variety of services over internet such as, software, hardware, data storage and infrastructure. The cloud platforms are consisted of a larger number of servers along with networking and security appliances connected together. The heavier amounts of data are stored on these cloud platforms. The data accessibility...

Role-based Access Control (RBAC) is a promising alternative to traditional discretionary (DAC) and mandatory access (MAC) controls. In RBAC permissions are associated with roles, and users are made members of the roles thereby acquiring the roles’ permissions. RBAC is policy neutral and flexible enough to accommodate diverse security policies. Access matrix models define another mechanism for e...

The event-condition-action paradigm (also known as triggers or rules) gives a database “active” capabilities – the ability to react automatically to changes in the database or in the environment. One potential use of this technology is in the area of multilevel secure (MLS) data processing, such as, military, where the subjects and objects are classified into different security levels and manda...

Recent studies have shown there is a growing concern about the damage possible when trusted organization insiders behave maliciously. In particular, data exfiltration can lead to loss of revenue, damage to an organization’s reputation, and disruption of service for critical infrastructure systems. In this work, we introduce the Contextually Adaptive INsider threat architecture (CAIN), which inc...

The discretionary access controls (DAC) employed by traditional operating systems only provide system administrators and users with a loose ability to specify the security policies of the system. In contrast, mandatory access controls (MAC) provide a stronger, finer-grained mechanism for specifying and enforcing system security policies. A related security concept called the principle of least ...

Increased dependability of users, businesses and government on computing systems for research and computations on sensitive data raises serious issues regarding security. Operating systems conventionally provide Discretionary Access Control (DAC, superuser logic) to maintain security. Malicious users and applications are major threats to organizations and DAC seriously fails to address the requ...

Robust technological enforcement of DRM licenses assumes that the prevention of direct access to the raw bit representation of decrypted digital content and the license enforcement mechanisms themselves is possible. This is difficult to achieve on an open computing platform such as a PC. Recent trusted computing initiatives namely, the Trusted Computing Group (TCG) specification, and Microsoft’...

Traditional discretionary access control mechanisms do not differentiate between a user’s running applications–hence they provide no means of preventing one application from exploiting another’s data. Commercial mandatory access control mechanisms such as SELinux and AppArmor aim to protect system files, but do little to prevent similar misuse of user data. This paper presents the PinUP access ...