{"id":"https://openalex.org/W7125120225","doi":"https://doi.org/10.48550/arxiv.2601.14021","title":"OAMAC: Origin-Aware Mandatory Access Control for Practical Post-Compromise Attack Surface Reduction","display_name":"OAMAC: Origin-Aware Mandatory Access Control for Practical Post-Compromise Attack Surface Reduction","publication_year":2026,"publication_date":"2026-01-20","ids":{"openalex":"https://openalex.org/W7125120225","doi":"https://doi.org/10.48550/arxiv.2601.14021"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2601.14021","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2601.14021","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2601.14021","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5123482352","display_name":"Omer Abdelmajeed Idris Mohammed","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Mohammed, Omer Abdelmajeed Idris","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5026951044","display_name":"\u0130lhami Muharrem Orak","orcid":"https://orcid.org/0000-0002-7219-4209"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Orak, Ilhami M.","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":0,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9341999888420105,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9341999888420105,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.01209999993443489,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11986","display_name":"Scientific Computing and Data Management","score":0.011500000022351742,"subfield":{"id":"https://openalex.org/subfields/1802","display_name":"Information Systems and Management"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/mandatory-access-control","display_name":"Mandatory access control","score":0.8878999948501587},{"id":"https://openalex.org/keywords/attack-surface","display_name":"Attack surface","score":0.6717000007629395},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.6520000100135803},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.4821000099182129},{"id":"https://openalex.org/keywords/security-policy","display_name":"Security policy","score":0.47290000319480896},{"id":"https://openalex.org/keywords/linux-kernel","display_name":"Linux kernel","score":0.43709999322891235},{"id":"https://openalex.org/keywords/service","display_name":"Service (business)","score":0.4072999954223633},{"id":"https://openalex.org/keywords/discretionary-access-control","display_name":"Discretionary access control","score":0.3959999978542328},{"id":"https://openalex.org/keywords/identity","display_name":"Identity (music)","score":0.3952000141143799},{"id":"https://openalex.org/keywords/physical-access","display_name":"Physical access","score":0.38769999146461487}],"concepts":[{"id":"https://openalex.org/C2777407602","wikidata":"https://www.wikidata.org/wiki/Q1888932","display_name":"Mandatory access control","level":4,"score":0.8878999948501587},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7612000107765198},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.6717000007629395},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.6520000100135803},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5891000032424927},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.4821000099182129},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.47290000319480896},{"id":"https://openalex.org/C553261973","wikidata":"https://www.wikidata.org/wiki/Q14579","display_name":"Linux kernel","level":2,"score":0.43709999322891235},{"id":"https://openalex.org/C2780378061","wikidata":"https://www.wikidata.org/wiki/Q25351891","display_name":"Service (business)","level":2,"score":0.4072999954223633},{"id":"https://openalex.org/C48814466","wikidata":"https://www.wikidata.org/wiki/Q1228590","display_name":"Discretionary access control","level":4,"score":0.3959999978542328},{"id":"https://openalex.org/C2778355321","wikidata":"https://www.wikidata.org/wiki/Q17079427","display_name":"Identity (music)","level":2,"score":0.3952000141143799},{"id":"https://openalex.org/C1304207","wikidata":"https://www.wikidata.org/wiki/Q7189582","display_name":"Physical access","level":3,"score":0.38769999146461487},{"id":"https://openalex.org/C124304363","wikidata":"https://www.wikidata.org/wiki/Q673661","display_name":"Abstraction","level":2,"score":0.3797999918460846},{"id":"https://openalex.org/C113843644","wikidata":"https://www.wikidata.org/wiki/Q901882","display_name":"Interface (matter)","level":4,"score":0.3741999864578247},{"id":"https://openalex.org/C2779777834","wikidata":"https://www.wikidata.org/wiki/Q4202277","display_name":"Enforcement","level":2,"score":0.3732999861240387},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.35420000553131104},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.33820000290870667},{"id":"https://openalex.org/C74193536","wikidata":"https://www.wikidata.org/wiki/Q574844","display_name":"Kernel (algebra)","level":2,"score":0.3361999988555908},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.32899999618530273},{"id":"https://openalex.org/C147346212","wikidata":"https://www.wikidata.org/wiki/Q5492632","display_name":"Trusted computing base","level":4,"score":0.31949999928474426},{"id":"https://openalex.org/C83163435","wikidata":"https://www.wikidata.org/wiki/Q3954104","display_name":"Security management","level":2,"score":0.3068000078201294},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.29600000381469727},{"id":"https://openalex.org/C168065819","wikidata":"https://www.wikidata.org/wiki/Q845566","display_name":"Debugging","level":2,"score":0.2937000095844269},{"id":"https://openalex.org/C57041688","wikidata":"https://www.wikidata.org/wiki/Q220644","display_name":"Service-oriented architecture","level":3,"score":0.2930999994277954},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.29089999198913574},{"id":"https://openalex.org/C2775941552","wikidata":"https://www.wikidata.org/wiki/Q25212305","display_name":"Isolation (microbiology)","level":2,"score":0.2903999984264374},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.2833999991416931},{"id":"https://openalex.org/C555379026","wikidata":"https://www.wikidata.org/wiki/Q977772","display_name":"Identity management","level":3,"score":0.2768000066280365},{"id":"https://openalex.org/C105446022","wikidata":"https://www.wikidata.org/wiki/Q445962","display_name":"Legacy system","level":3,"score":0.2761000096797943},{"id":"https://openalex.org/C2776831232","wikidata":"https://www.wikidata.org/wiki/Q966812","display_name":"Trusted Computing","level":2,"score":0.27079999446868896},{"id":"https://openalex.org/C111335779","wikidata":"https://www.wikidata.org/wiki/Q3454686","display_name":"Reduction (mathematics)","level":2,"score":0.27000001072883606},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.2678000032901764},{"id":"https://openalex.org/C203479927","wikidata":"https://www.wikidata.org/wiki/Q5165939","display_name":"Controller (irrigation)","level":2,"score":0.26249998807907104},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.26080000400543213},{"id":"https://openalex.org/C2778002324","wikidata":"https://www.wikidata.org/wiki/Q4488810","display_name":"Access management","level":2,"score":0.26010000705718994},{"id":"https://openalex.org/C132829578","wikidata":"https://www.wikidata.org/wiki/Q581151","display_name":"Situated","level":2,"score":0.25839999318122864},{"id":"https://openalex.org/C20136886","wikidata":"https://www.wikidata.org/wiki/Q749647","display_name":"Interoperability","level":2,"score":0.25220000743865967}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2601.14021","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2601.14021","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"Preprint"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2601.14021","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2601.14021","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"sustainable_development_goals":[{"score":0.789128303527832,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Modern":[0],"operating":[1,205],"systems":[2],"provide":[3],"powerful":[4],"mandatory":[5,55],"access":[6,56,86],"control":[7,57,152],"mechanisms,":[8],"yet":[9],"they":[10],"largely":[11],"reason":[12],"about":[13],"who":[14],"executes":[15],"code":[16],"rather":[17,94],"than":[18,95],"how":[19],"execution":[20,65,77,92,129,197],"originates.":[21],"As":[22],"a":[23,59,80,112,168,200,214],"result,":[24],"processes":[25],"launched":[26],"remotely,":[27],"locally,":[28],"or":[29,75,226],"by":[30],"background":[31],"services":[32],"are":[33,39,155],"often":[34],"treated":[35],"equivalently":[36],"once":[37],"privileges":[38],"obtained,":[40],"complicating":[41],"security":[42,82,207,228],"reasoning":[43],"and":[44,139,148,161,191,209],"enabling":[45,98],"post-compromise":[46,180],"abuse":[47],"of":[48],"sensitive":[49,145],"system":[50,192,206],"interfaces.":[51],"We":[52,110,194],"introduce":[53],"origin-aware":[54,141],"(OAMAC),":[58],"kernel-level":[60],"enforcement":[61],"model":[62],"that":[63,175,196,210],"treats":[64],"origin":[66,130,135,198],"--":[67,78],"such":[68],"as":[69,79],"physical":[70],"user":[71],"presence,":[72],"remote":[73,184],"access,":[74],"service":[76],"first-class":[81,215],"attribute.":[83],"OAMAC":[84,127,176],"mediates":[85],"to":[87,183,213],"security-critical":[88],"subsystems":[89],"based":[90],"on":[91,143],"provenance":[93],"identity":[96],"alone,":[97],"centralized":[99],"governance":[100],"over":[101],"multiple":[102],"attack":[103,219],"surfaces":[104],"while":[105,186],"significantly":[106],"reducing":[107],"policy":[108],"complexity.":[109],"present":[111],"deployable":[113],"prototype":[114],"implemented":[115],"entirely":[116],"using":[117,131],"the":[118,149],"Linux":[119],"eBPF":[120,159],"LSM":[121],"framework,":[122],"requiring":[123,223],"no":[124],"kernel":[125,150],"modifications.":[126],"classifies":[128],"kernel-visible":[132],"metadata,":[133],"propagates":[134],"across":[136],"process":[137],"creation,":[138],"enforces":[140],"policies":[142],"both":[144],"filesystem":[146],"interfaces":[147],"BPF":[151],"plane.":[153],"Policies":[154],"maintained":[156],"in":[157,203],"kernel-resident":[158],"maps":[160],"can":[162],"be":[163],"reconfigured":[164],"at":[165],"runtime":[166],"via":[167],"minimal":[169],"userspace":[170],"tool.":[171],"Our":[172],"evaluation":[173],"demonstrates":[174],"effectively":[177],"restricts":[178],"common":[179],"actions":[181],"available":[182],"attackers":[185],"preserving":[187],"normal":[188],"local":[189],"administration":[190],"stability.":[193],"argue":[195],"represents":[199],"missing":[201],"abstraction":[202],"contemporary":[204],"models,":[208],"elevating":[211],"it":[212],"concept":[216],"enables":[217],"practical":[218],"surface":[220],"reduction":[221],"without":[222],"subsystem-specific":[224],"expertise":[225],"heavyweight":[227],"frameworks.":[229]},"counts_by_year":[],"updated_date":"2026-07-01T06:00:48.157686","created_date":"2026-01-22T00:00:00"}
