While there have been approaches for integrating security policies into operating systems (OSs) for more than two decades, applications often use objects of higher abstraction requiring individual security policies with application-specific semantics. Due to insufficient OS support, current approaches for enforcing application-level policies typically lead to large and complex trusted computing bases rendering tamperproofness and correctness difficult to achieve. To mitigate this problem, we propose the application-level policy enforcement architecture AppSPEAR and a C++ framework for its implementation. The configurable framework enables developers to balance enforcement rigor and costs imposed by different implementation alternatives and thus to easily tailor an AppSPEAR implementation to individual application requirements. We especially argue that hardware-based trusted execution environments offer an optimal balance between effectiveness and efficiency of policy protection and enforcement. This claim is substantiated by a practical evaluation based on an electronic medical record system.