Chinese-wall process confinement for practical distributed coalitions

Abstract

A distributed coalition supports distributed mandatory access controls for resources whose security policies differ for each group of components over nodes, and provides secure information operations and exchanges with nodes that handle information over which conflicts of interest may occur. Many projects have proposed distributed coalitions using a virtual machine monitor, but this approach for strong confinement tends to hinder successful deployments in real world scenarios that involve complicated operations and management for applications because such access control is coarse-grained for the resources. In this paper, we propose a Chinese-Wall Process Confinement (CWPC) for practical application-level distributed coalitions that provide fine-grained access controls for resources and that emphasize minimizing the impact on the usability, using a program-transparent reference monitor. We implemented a prototype system named ALDC for standard office applications on Microsoft Windows that are used on a daily basis for business purposes and that may involve conflicts of interests, evaluated its performance and influence on usability, and show that our approach is practical. Copyright 2007 ACM.