Hardware-Assisted Application-Level Access Control


Information Security Conference, Pisa, Italy (2009)


Applications typically rely on the operating system to enforce access control policies such as MAC, DAC, or other policies. However, in the face of a compromised operating system, such protection mechanisms may be ineffective. Since security-sensitive applications are most motivated to maintain access control to their secret or sensitive information, and have no control over the operating system, it is desirable to provide mechanisms to enable applications to protect information with application-specific policies, in spite of a compromised operating system. In this paper, we enable application-level access control and information sharing with direct hardware support and protection, bypassing the dependency on the operating system. We analyze an originator-controlled information sharing policy (ORCON), where the content creator specifies who has access to the file created and maintains this control after the file has been distributed. We show that this policy can be enforced by the software-hardware mechanisms provided by the Secret Protection (SP) architecture, where a Trusted Software Module (TSM) is directly protected by SP's hardware features. We develop a proof-of-concept text editor application which contains such a TSM. This TSM can implement many different policies, not just the originator-controlled policy that we have defined. We also propose a general methodology for trust-partitioning an application into security-critical and non-critical parts.
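The abstract describes two ideas that are easier to see in code than in prose: an ORCON policy, where only the originator can decide (and keep deciding) who may read a file once it has been handed out, and trust-partitioning, where a small TSM is the only part of the application that ever touches keys or plaintext while the rest of the editor handles sealed blobs on an untrusted OS. The Python below is an added illustration written for this page; it is not the paper's code and it does not reproduce the SP architecture. Everything hardware-related is an assumption modelled in software: the SP device root key is a private attribute that only TSM methods read, the TSM's protected store is a dictionary holding a per-file policy version (a mechanism chosen here to show "control after distribution", not one the abstract specifies), and encryption is a toy HMAC-based keystream rather than a real cipher. Names such as `TSM`, `Editor`, `set_readers` and the sample users are invented for the example.

```python
"""Toy model of originator-controlled (ORCON) access enforced inside a
Trusted Software Module (TSM).  Added illustration, not the paper's code.
Assumptions (labelled inline): the SP device root key is a Python attribute
only TSM methods touch; the TSM's protected store is a dict holding a per-file
policy version; the cipher is a toy HMAC keystream, not a real construction."""
import hashlib
import hmac
import json
import secrets


def _keystream_xor(key: bytes, file_id: str, data: bytes) -> bytes:
    """Toy stream cipher: HMAC-SHA256 counter keystream XORed over the data.
    Symmetric, so the same call encrypts and decrypts.  Stand-in only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, f"{file_id}:{i // 32}".encode(), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class AccessDenied(Exception):
    pass


class TSM:
    """Security-critical half of the partitioned application.  Only this class
    ever sees the device root key or plaintext; everything else gets sealed blobs."""

    def __init__(self) -> None:
        self._root_key = secrets.token_bytes(32)   # assumption: stands in for SP's hardware-protected key
        self._policy_version: dict[str, int] = {}  # assumption: stands in for TSM protected storage

    def _file_key(self, file_id: str) -> bytes:
        return hmac.new(self._root_key, b"file:" + file_id.encode(), hashlib.sha256).digest()

    def _seal(self, header: dict, plaintext: bytes) -> dict:
        hdr = json.dumps(header, sort_keys=True).encode()
        key = self._file_key(header["file_id"])
        body = _keystream_xor(key, header["file_id"], plaintext)
        tag = hmac.new(key, hdr + body, hashlib.sha256).hexdigest()  # binds policy header to content
        return {"header": header, "body": body.hex(), "tag": tag}

    def _open_checked(self, blob: dict, requester: str) -> tuple[dict, bytes]:
        """All three ORCON checks happen here, inside the TSM, before any plaintext exists."""
        header = blob["header"]
        hdr = json.dumps(header, sort_keys=True).encode()
        body = bytes.fromhex(blob["body"])
        key = self._file_key(header["file_id"])
        expected = hmac.new(key, hdr + body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, blob["tag"]):
            raise AccessDenied("sealed file or its policy was tampered with")
        if header["version"] != self._policy_version.get(header["file_id"]):
            raise AccessDenied("stale copy: originator has since changed the policy")
        if requester != header["originator"] and requester not in header["readers"]:
            raise AccessDenied(f"{requester} is not authorised by the originator")
        return header, _keystream_xor(key, header["file_id"], body)

    def create(self, originator: str, readers: list[str], plaintext: bytes) -> dict:
        file_id = secrets.token_hex(8)
        self._policy_version[file_id] = 1
        header = {"file_id": file_id, "originator": originator,
                  "readers": sorted(readers), "version": 1}
        return self._seal(header, plaintext)

    def read(self, blob: dict, requester: str) -> bytes:
        return self._open_checked(blob, requester)[1]

    def set_readers(self, blob: dict, requester: str, readers: list[str]) -> dict:
        """ORCON: only the originator may change who can read, even after the
        file has been handed to others.  Bumping the version retires old copies."""
        header, plaintext = self._open_checked(blob, requester)
        if requester != header["originator"]:
            raise AccessDenied("only the originator may re-grant or revoke access")
        new_header = dict(header, readers=sorted(readers), version=header["version"] + 1)
        self._policy_version[header["file_id"]] = new_header["version"]
        return self._seal(new_header, plaintext)


class Editor:
    """Non-critical half: lives on the (possibly compromised) OS side, only
    ever holds sealed blobs, and must call into the TSM to display anything."""

    def __init__(self, tsm: TSM) -> None:
        self.tsm = tsm

    def show(self, blob: dict, user: str) -> str:
        try:
            return self.tsm.read(blob, user).decode()
        except AccessDenied as e:
            return f"[denied: {e}]"


def demo() -> dict:
    """Walk through the ORCON scenario with constructed sample users and text."""
    tsm = TSM()
    editor = Editor(tsm)
    results = {}
    sealed = tsm.create("alice", ["bob"], b"Q3 board minutes (constructed sample)")
    results["bob_reads"] = editor.show(sealed, "bob")      # in the originator's list
    results["carol_reads"] = editor.show(sealed, "carol")  # not listed
    # A recipient cannot re-grant: control stays with the originator (ORCON, not DAC).
    try:
        tsm.set_readers(sealed, "bob", ["bob", "carol"])
        results["bob_regrant"] = "allowed"
    except AccessDenied:
        results["bob_regrant"] = "denied"
    # Editing the policy header outside the TSM (e.g. a compromised OS) breaks the binding.
    forged = json.loads(json.dumps(sealed))
    forged["header"]["readers"].append("carol")
    results["forged_header"] = editor.show(forged, "carol")
    # The originator revokes bob; the copy bob already received is now stale.
    revoked = tsm.set_readers(sealed, "alice", [])
    results["bob_after_revoke_old_copy"] = editor.show(sealed, "bob")
    results["alice_after_revoke"] = editor.show(revoked, "alice")
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point of the split is that `Editor` can be fully compromised without gaining anything beyond what the TSM's checks release: every decision (integrity of the sealed policy, currency of the policy, membership in the originator's list) is taken inside `TSM._open_checked`, and the only way to change the list is `set_readers`, which refuses anyone but the originator. The version pin is a deliberately simple stand-in for whatever state a real TSM would keep in SP-protected storage; without some such state, a reader could keep using an old copy after revocation.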

Attachment: chen_isc09.pdf (1.38 MB)