Download KernelSec: An Authorization Model in the Operating System Kernel

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

Document related concepts

Mobile operating system wikipedia , lookup

Plan 9 from Bell Labs wikipedia , lookup

Spring (operating system) wikipedia , lookup

Burroughs MCP wikipedia , lookup

Smallfoot wikipedia , lookup

Copland (operating system) wikipedia , lookup

RSTS/E wikipedia , lookup

DNIX wikipedia , lookup

CP/M wikipedia , lookup

Distributed operating system wikipedia , lookup

VS/9 wikipedia , lookup

Process management (computing) wikipedia , lookup

Unix security wikipedia , lookup

Security-focused operating system wikipedia , lookup

Transcript 
KernelSec: An Authorization Model in the Operating System
Kernel
Manigandan Radhakrishnan and Jon A. Solworth
University of Illinois at Chicago
{mani, solworth}@rites.uic.edu
http://www.rites.uic.edu/kernelSec
better compatibility or usability by making the
enforcement transparent to applications.
An authorization system is at the core of the mechanisms that provide system security. It is responsible
for allowing or denying user actions (like request to
read or write a file, to connect to a website or kill a
process). Despite considerable research in authorization systems, widely deployed authorization systems
struggle to cope with today’s security needs.
Some of the challenges facing today’s computer systems are
Enforcement Model: The privileges a process has
is a reflection of the set of actions that the process
is allowed to perform. Traditionally, the set of privileges primarily depends on the user running the process The disadvantage is that all the processes of a
user are executed with the entire set of user privileges. In KernelSec, the enforcement engine bases
the authorization not only on the user, but also on
the executable (or the program) and the history of accesses. Keeping track of the history allows KernelSec
to change the privileges available (dynamically) at
run-time.
Associated with every process is a domain which
describes its privileges. In KernelSec, the domain
may be changed to obtain a needed (but missing) privilege. Such dynamic domain transitions allows KernelSec to track process history and suitably
change privileges by switching to a different domain.
Sometimes user actions need to be recorded beyond
the lifetime of a process. KernelSec implements active transitions to support this. KernelSec also implements a sophisticated group mechanism that among
other things can represent relationship among groups.
1. the programs installed on (or downloaded onto)
a system come from a variety of sources, not all
are equally trusted,
2. the users of computer systems vary widely in
terms of their understanding of the underlying
computer security mechanisms, and
3. the lack of sufficient operating system security
mechanisms, in the past, has lead to applications
providing their own security features. This has
several negative consequences, including the fact
that a successful exploitation of a bug in the application can render these protections ineffective.
Hence there is a need for sound operating system
based authorizations that can secure the system in
the face of these challenges.
Implementation: The project at this time is being implemented as part of the GNU/Linux operating system, with the enforcement engine being implestrong protections using a mandatory access con- mented as part of the Linux kernel (v2.6) using the
trol model implemented as part of the operating Linux Security Modules (LSM).
system kernel;
easy configuration using a two-level approach to Poster and Demo: We use the particular case
of Sandboxing to illustrate how the general-purpose
configuration;
mechanisms of KernelSec can be used to dynamrobustness by allowing security changes to the sys- ically confine an application inside a sandboxedtem to be encoded as part of the authorization environment in the event that it is subjected to untrusted data.
state; and
KernelSec Project: KernelSec is a generalpurpose authorization model that provides
1
Related documents
Dale John Giolas MD AUTHORIZATION TO RELEASE HEALTH
Dale John Giolas MD AUTHORIZATION TO RELEASE HEALTH
Authorization to Obtain Patient Information
Authorization to Obtain Patient Information
Database Account/Privileges Request Form
Database Account/Privileges Request Form
Medical Records Release
Medical Records Release
authorization for confidential communication - Moreland OB
authorization for confidential communication - Moreland OB
Saint Louis University Authorization to Obtain Patient Information
Saint Louis University Authorization to Obtain Patient Information
Student Health Center Marchetti Towers East 3518 Laclede Avenue
Student Health Center Marchetti Towers East 3518 Laclede Avenue
Release of information
Release of information
Care Authorization to Obtain Patient Information
Care Authorization to Obtain Patient Information
authorization to release and obtain information
authorization to release and obtain information
AUTHORIZATION FOR RELEASE OF INFORMATION Provider ___________________________
AUTHORIZATION FOR RELEASE OF INFORMATION Provider ___________________________
No Slide Title - Microsoft Research
No Slide Title - Microsoft Research
Travel on Us!
Travel on Us!
Database Security
Database Security
Privileges-Emergency Medicine
Privileges-Emergency Medicine
Emergency Medicine Privileges
Emergency Medicine Privileges
Core privileges
Core privileges
Medicine - Renown Health
Medicine - Renown Health
example - namss.org
example - namss.org
Develop and Implement Criteria-Based Privileging for Nonphysician
Develop and Implement Criteria-Based Privileging for Nonphysician
- NDLScholarship
- NDLScholarship
BY ORDER OF THE AIR FORCE INSTRUCTION 44-119 4 JUNE 2001
BY ORDER OF THE AIR FORCE INSTRUCTION 44-119 4 JUNE 2001