Evaluating and comparing the quality of access control in different operating systems

Abstract

Access control mechanisms (ACMs) have been widely used by operating systems (OSes) to protect information security. However, it is often challenging to evaluate and compare the quality of protection (QoP) of ACMs, especially when they are deployed on different OS platforms. This article presents an approach to quantitatively measure and compare the quality of ACMs, which provides useful information to support OS administrators and users to choose ACMs that fit with their security needs.We introduce the notion of vulnerability profiles to capture the weakness of ACMs in protecting against malicious attacks, based on which vulnerability coefficients are computed as the numeric and platform-independent measurement of the QoP of ACMs. The approach combines the grey system theory and an independent vulnerability scoring system to infer complete vulnerability profiles and to calculate fair and objective vulnerability coefficients for ACMs. We implement a prototype called ACVAL based on the approach, and apply it to four mainstream ACMs. The results show that ACVAL is effective in evaluating and comparing ACMs across different OSes, a feature particularly useful to administrators of heterogeneous IT systems. To the best of our knowledge, our approach is the first to quantitative measurement and comparison of ACMs across OSes.