STBAC: A New Access Control Model for Operating System

With the rapid development and increasing use of network, threats to modern operating systems mostly come from network, such as buffer overflows, viruses, worms, Trojans, DOS, etc. On the other hand, as computers, especially PCs, become cheaper and easier to use, people prefer to use computers exclusively and share information through network. The traditional access control mechanisms, however, can not deal with them in a smart way. Traditional DAC in OS alone cannot defeat network attacks well. Traditional MAC is effective in maintaining security, but it has problems of application incompatibility and administration complexity. To this end, a new access control model named STBAC for operating system is proposed which can defeat attacks from network while maintaining good compatibility, simplicity and performance. Even in the cases when some processes are subverted, STBAC can still protect vital resources, so that the intruder cannot reach his／her final goal. STBAC regards processes that have done nontrustablecommunication as starting points of suspicious taint, traces the activities of the suspiciously tainted processes and their child processes by taint rules, and forbids the suspiciously tainted processes to illegally access vital resources by protection rules. The tests on the STBAC prototype show that it can protect system security effectively without imposing heavy compatibility and performance impact upon operating system.