Transforming commodity security policies to enforce Clark-Wilson integrity

Divya Muthukumaran, Sandra Rueda, Nirupama Talele, Hayawardh Vijayakumar, Jason Teutsch, Trent Jaeger

Research output: Chapter in Book/Report/Conference proceedingConference contribution

8 Scopus citations


Modern distributed systems are composed from several off-the-shelf components, including operating systems, virtualization infrastructure, and application packages, upon which some custom application software (e.g., web application) is often deployed. While several commodity systems now include mandatory access control (MAC) enforcement to protect the individual components, the complexity of such MAC policies and the myriad of possible interactions among individual hosts in distributed systems makes it difficult to identify the attack paths available to adversaries. As a result, security practitioners react to vulnerabilities as adversaries uncover them, rather than proactively protecting the system's data integrity. In this paper, we develop a mostly-automated method to transform a set of commodity MAC policies into a system-wide policy that proactively protects system integrity, approximating the Clark-Wilson integrity model. The method uses the insights from the Clark-Wilson model, which requires integrity verification of security-critical data and mediation at program entrypoints, to extend existing MAC policies with the proactive mediation necessary to protect system integrity. We demonstrate the practicality of producing Clark-Wilson policies for distributed systems on a web application running on virtualized Ubuntu SELinux hosts, where our method finds: (1) that only 27 additional entrypoint mediators are sufficient to mediate the threats of remote adversaries over the entire distributed system and (2) and only 20 additional local threats require mediation to approximate Clark-Wilson integrity comprehensively. As a result, available security policies can be used as a foundation for proactive integrity protection from both local and remote threats.

Original languageEnglish (US)
Title of host publicationProceedings - 28th Annual Computer Security Applications Conference, ACSAC 2012
PublisherAssociation for Computing Machinery
Number of pages10
ISBN (Print)9781450313124
StatePublished - 2012
Event28th Annual Computer Security Applications Conference, ACSAC 2012 - Orlando, FL, United States
Duration: Dec 3 2012Dec 7 2012

Publication series

NameACM International Conference Proceeding Series


Other28th Annual Computer Security Applications Conference, ACSAC 2012
Country/TerritoryUnited States
CityOrlando, FL

All Science Journal Classification (ASJC) codes

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications


Dive into the research topics of 'Transforming commodity security policies to enforce Clark-Wilson integrity'. Together they form a unique fingerprint.

Cite this