fedir/ICFS-thesis
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ICFS-thesis/literatura.bib
fedir cf5d97f38e
Final edits
2025-05-23 13:30:01 +02:00

183 lines
10 KiB
BibTeX
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

@article{FGACFS,
doi = {https://doi.org/10.1016/j.cose.2019.101632},
keywords = {Access control, Folder sharing, ACL, Filesystems, FUSE, Userspace filesystem},
pages = {101632},
year = {2020},
url = {https://www.sciencedirect.com/science/article/pii/S0167404819301798},
title = {FGACFS: A fine-grained access control for *nix userspace file system},
journal = {Computers \& Security},
author = {Nikita Yu. Lovyagin and George A. Chernishev and Kirill K. Smirnov and Roman Yu. Dayneko},
volume = {88},
abstract = {In this paper we present FGACFS — a fine-grained access control file system designed for creating and administering directories with shared access in the *nix operating system family. The proposed access control model extends POSIX ACLs. Its essential features are: 1) an extensive list of enforceable permissions, 2) separating file and directory permissions, 3) two different mechanisms of permission inheritance — one for classic inheritance and one for copying permissions for newly-created objects. In overall, there are 19 file and 29 directory permission types. These permissions are designed to be implemented in a single tool and to allow control of both system users and programs simultaneously. To evaluate our approach, we have developed a software implementation based on this model. FGACFS is a userspace file system that was created by implementing the FUSE interface. Our file system is independent of underlying network and on-disk file systems. In our experiments we have evaluated two different approaches for storing permissions and a single permission caching scheme that we have developed to speed up operations. The conducted performance tests show the efficiency of our approach and demonstrate that our solution is ready to be deployed and used at least in small workgroups.},
issn = {0167-4048},
}
@article{MCINTOSH,
issn = {0167-4048},
abstract = {Ransomware attacks are often catastrophic, yet existing reactive and preventative measures could only partially mitigate ransomware damage, often not in a timely manner, and often cannot prevent the novel attack vectors. Many of them were program-centric or data-centric and did not take into consideration user intention or consent. In this paper, we advocate for a dynamic approach of detecting ransomware-like behaviors by proposing a user-centric access control framework, which collects security indicators from the Operating System (OS) to deduct security metrics, compute security indicators and estimate security positions, to dynamically make access control assessments on file access requests. To demonstrate its applicability, we effectuated the principles of User-Driven Access Control (UDAC) for user intention (the goal of a user operation) and Content-Based Isolation (CBI) for user consent (the acceptance of the consequence of a user operation), and developed a proof-of-concept prototype on Windows desktop platforms. It collected information that could reveal the application identity, behavior and the OS environmental factor, before assessing whether an access request to the file system violated the principles of UDAC or CBI. Our prototype was able to raise early warnings on both attacks by real and simulated ransomware of novel vectors.},
year = {2021},
keywords = {Access control, Ransomware, Malware, File system, User intention, User Consent},
journal = {Computers \& Security},
title = {Dynamic user-centric access control for detection of ransomware attacks},
volume = {111},
url = {https://www.sciencedirect.com/science/article/pii/S0167404821002856},
doi = {https://doi.org/10.1016/j.cose.2021.102461},
pages = {102461},
author = {Timothy McIntosh and A.S.M. Kayes and Yi-Ping Phoebe Chen and Alex Ng and Paul Watters},
}
@article{BIGSURSTAT,
publisher = {Association for Computing Machinery},
title = {A Survey on Empirical Security Analysis of Access-control Systems: A Real-world Perspective},
articleno = {123},
month = {December},
abstract = {There any many different access-control systems, yet a commonality is that they provide flexible mechanisms to enforce different access levels. Their importance in organisations to adequately restrict resources, coupled with their use in a dynamic environment, mandates the need to routinely perform policy analysis. The aim of performing analysis is often to identify potential problematic permissions, which have the potential to be exploited and could result in data theft and unintended modification. There is a vast body of published literature on analysing access-control systems, yet as performing analysis has a strong end-user motivation and is grounded in security challenges faced in real-world systems, it is important to understand how research is developing, what are the common themes of interest, and to identify key challenges that should be addressed in future work. To the best of the authors knowledge, no survey has been performed to gain an understanding of empirical access-control analysis, focussing on how techniques are evaluated and how they align to the needs of real-world analysis tasks. This article provides a systematic literature review, identifying and summarising key works. Key findings are identified and discussed as areas of future work.},
year = {2022},
url = {https://doi.org/10.1145/3533703},
issn = {0360-0300},
number = {6},
volume = {55},
journal = {ACM Comput. Surv.},
issue_date = {June 2023},
address = {New York, NY, USA},
numpages = {28},
keywords = {Access control, security policy, analysis, empirical analysis},
author = {Parkinson, Simon and Khan, Saad},
doi = {10.1145/3533703},
}
@inproceedings{DunlapMAC,
doi = {10.1145/3532105.3535016},
url = {https://doi.org/10.1145/3532105.3535016},
title = {A Study of Application Sandbox Policies in Linux},
booktitle = {Proceedings of the 27th ACM on Symposium on Access Control Models and Technologies},
location = {New York, NY, USA},
address = {New York, NY, USA},
abstract = {Desktop operating systems, including macOS, Windows 10, and Linux, are adopting the application-based security model pervasive in mobile platforms. In Linux, this transition is part of the movement towards two distribution-independent application platforms: Flatpak and Snap. This paper provides the first analysis of sandbox policies defined for Flatpak and Snap applications, covering 283 applications contained in both platforms. First, we find that 90.1\% of Snaps and 58.3\% of Flatpak applications studied are contained by tamperproof sandboxes. Further, we find evidence that package maintainers actively attempt to define least-privilege application policies. However, defining policy is difficult and error-prone. When studying the set of matching applications that appear in both Flatpak and Snap app stores, we frequently found policy mismatches: e.g., the Flatpak version has a broad privilege (e.g., file access) that the Snap version does not, or vice versa. This work provides confidence that Flatpak and Snap improve Linux platform security while highlighting opportunities for improvement.},
pages = {1930},
numpages = {12},
year = {2022},
isbn = {9781450393577},
publisher = {Association for Computing Machinery},
author = {Dunlap, Trevor and Enck, William and Reaves, Bradley},
keywords = {sandbox policy, access control, Linux applications},
series = {SACMAT '22},
}
@online{FLATPAK,
title = {FlatPak - The future of application distribution on Linux.},
url = {https://flatpak.org/},
organization = {Flatpak Team},
year = {2025}
}
@online{SNAP,
title = {Snapcraft - Snaps are universal Linux packages.},
url = {https://snapcraft.io/},
organization = {Canonical Ltd.},
year = {2025}
}
@online{APPIMAGE,
title = {AppImage | Linux apps that run anywhere },
url = {https://appimage.org/},
author = {Simon Peter},
year = {2019}
}
@online{ANDR11PERM,
title = {Permissions updates in Android 11},
url = {https://developer.android.com/about/versions/11/privacy/permissions},
year = {2025}
}
@online{FUSE,
title = {FUSE — The Linux Kernel documentation},
url = {https://www.kernel.org/doc/html/latest/filesystems/fuse.html},
}
@manual{MANOPEN,
title = {open(2) System Calls Manual},
organization = {Free Software Foundation},
edition = {6.9.1},
year = 2024,
month = 5,
}
@online{CC,
title = {GitHub - JacksonAllan/CC: A small, usability-oriented generic container library.},
author = {Jackson L. Allan},
year = {2025},
url = {https://github.com/JacksonAllan/CC}
}
@online{SOPROCNOTIF,
title = {c++ - How to get notified when a process ends under linux? - Stack Overflow},
year = {2016},
url = {https://stackoverflow.com/questions/34800568/how-to-get-notified-when-a-process-ends-under-linux}
}
@online{SOSETPID,
title = {How to set process ID in Linux for a specific program - Stack Overflow},
year = {2014},
url = {https://stackoverflow.com/questions/18122592/how-to-set-process-id-in-linux-for-a-specific-program}
}
@online{GTK,
title = {The GTK Project - A free and open-source cross-platform widget toolkit},
year = {2025},
organization = {GTK Team},
version={4.18.4},
url = {https://gtk.org/}
}
@online{ADW,
title = {Adwaita},
year = {2025},
organization = {The GNOME Project},
version={1.7.2},
url = {https://gnome.pages.gitlab.gnome.org/libadwaita/}
}
@online{SQLITE,
title={{SQLite}},
url={https://www.sqlite.org/index.html},
version={3.47.2},
year={2024},
author={Hipp, Richard D}
}
@online{LIBFUSE,
title={{libfuse}},
url={https://github.com/libfuse/libfuse},
version={3.17.2},
year={2025},
}
@online{XDOTOOL,
title={{jordansissel/xdotool: fake keyboard/mouse input, window management, and more}},
url={https://github.com/jordansissel/xdotool},
version={3.20211022.1},
year={2021},
}
@online{YDOTOOL,
title={{ReimuNotMoe/ydotool: Generic command-line automation tool (no X!)}},
url={https://github.com/ReimuNotMoe/ydotool},
version={1.0.4},
year={2023},
}
@software{tange_2024_14550073,
author = {Tange, Ole},
title = {GNU Parallel 20241222 ('Bashar')},
month = Dec,
year = 2024,
note = {{GNU Parallel is a general parallelizer to run
multiple serial command line programs in parallel
without changing them.}},
publisher = {Zenodo},
doi = {10.5281/zenodo.14550073},
url = {https://doi.org/10.5281/zenodo.14550073}
}
Reference in New Issue View Git Blame Copy Permalink