Enabling role-based delegation and revocation on security-enhanced Linux

Gail Joon Ahn; Dhruv Garni

doi:10.1109/ISCC.2007.4381574

Enabling role-based delegation and revocation on security-enhanced Linux

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

An increasing number of attacks experienced in existing enterprise networks and applications have recently createda huge demand for security mechanisms of operating systems. As a consequence, Security-Enhance d Linux (SELinux) was proposedby NSA and the industries have adopted SELinux at a fast rate. More and more enterprises are planning to move their business operations to such a secure computing environment, requiring the features of delegation and revocation. In this paper we seek to address the issue of how to leverage a role-based delegation in SELinux while minimizing the modification of SELinux system modules. Our approach is to utilize the flexible policy system used in SELinux that allows for custom rules to be defined for supporting access control requirements. We also demonstrate the feasibility of our framework through a proof-of-concept implementation.

Original language	English (US)
Title of host publication	12th IEEE International Symposium on Computers and Communications, ISCC '07
Pages	865-870
Number of pages	6
DOIs	https://doi.org/10.1109/ISCC.2007.4381574
State	Published - 2007
Externally published	Yes
Event	12th IEEE International Symposium on Computers and Communications, ISCC '07 - Aveiro, Portugal Duration: Jul 1 2007 → Jul 4 2007

Publication series

Name	Proceedings - IEEE Symposium on Computers and Communications
ISSN (Print)	1530-1346

Other

Other	12th IEEE International Symposium on Computers and Communications, ISCC '07
Country/Territory	Portugal
City	Aveiro
Period	7/1/07 → 7/4/07

ASJC Scopus subject areas

Software
Signal Processing
General Mathematics
Computer Science Applications
Computer Networks and Communications

Access to Document

10.1109/ISCC.2007.4381574

Cite this

Ahn, GJ & Garni, D 2007, Enabling role-based delegation and revocation on security-enhanced Linux. in 12th IEEE International Symposium on Computers and Communications, ISCC '07., 4381574, Proceedings - IEEE Symposium on Computers and Communications, pp. 865-870, 12th IEEE International Symposium on Computers and Communications, ISCC '07, Aveiro, Portugal, 7/1/07. https://doi.org/10.1109/ISCC.2007.4381574

@inproceedings{7e0c2e55a31a4eaebe716969c1b38a3d,

title = "Enabling role-based delegation and revocation on security-enhanced Linux",

abstract = "An increasing number of attacks experienced in existing enterprise networks and applications have recently createda huge demand for security mechanisms of operating systems. As a consequence, Security-Enhance d Linux (SELinux) was proposedby NSA and the industries have adopted SELinux at a fast rate. More and more enterprises are planning to move their business operations to such a secure computing environment, requiring the features of delegation and revocation. In this paper we seek to address the issue of how to leverage a role-based delegation in SELinux while minimizing the modification of SELinux system modules. Our approach is to utilize the flexible policy system used in SELinux that allows for custom rules to be defined for supporting access control requirements. We also demonstrate the feasibility of our framework through a proof-of-concept implementation.",

author = "Ahn, {Gail Joon} and Dhruv Garni",

year = "2007",

doi = "10.1109/ISCC.2007.4381574",

language = "English (US)",

isbn = "1424415217",

series = "Proceedings - IEEE Symposium on Computers and Communications",

pages = "865--870",

booktitle = "12th IEEE International Symposium on Computers and Communications, ISCC '07",

note = "12th IEEE International Symposium on Computers and Communications, ISCC '07 ; Conference date: 01-07-2007 Through 04-07-2007",

}

TY - GEN

T1 - Enabling role-based delegation and revocation on security-enhanced Linux

AU - Ahn, Gail Joon

AU - Garni, Dhruv

PY - 2007

Y1 - 2007

N2 - An increasing number of attacks experienced in existing enterprise networks and applications have recently createda huge demand for security mechanisms of operating systems. As a consequence, Security-Enhance d Linux (SELinux) was proposedby NSA and the industries have adopted SELinux at a fast rate. More and more enterprises are planning to move their business operations to such a secure computing environment, requiring the features of delegation and revocation. In this paper we seek to address the issue of how to leverage a role-based delegation in SELinux while minimizing the modification of SELinux system modules. Our approach is to utilize the flexible policy system used in SELinux that allows for custom rules to be defined for supporting access control requirements. We also demonstrate the feasibility of our framework through a proof-of-concept implementation.

AB - An increasing number of attacks experienced in existing enterprise networks and applications have recently createda huge demand for security mechanisms of operating systems. As a consequence, Security-Enhance d Linux (SELinux) was proposedby NSA and the industries have adopted SELinux at a fast rate. More and more enterprises are planning to move their business operations to such a secure computing environment, requiring the features of delegation and revocation. In this paper we seek to address the issue of how to leverage a role-based delegation in SELinux while minimizing the modification of SELinux system modules. Our approach is to utilize the flexible policy system used in SELinux that allows for custom rules to be defined for supporting access control requirements. We also demonstrate the feasibility of our framework through a proof-of-concept implementation.

UR - http://www.scopus.com/inward/record.url?scp=48049096531&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=48049096531&partnerID=8YFLogxK

U2 - 10.1109/ISCC.2007.4381574

DO - 10.1109/ISCC.2007.4381574

M3 - Conference contribution

AN - SCOPUS:48049096531

SN - 1424415217

SN - 9781424415212

T3 - Proceedings - IEEE Symposium on Computers and Communications

SP - 865

EP - 870

BT - 12th IEEE International Symposium on Computers and Communications, ISCC '07

T2 - 12th IEEE International Symposium on Computers and Communications, ISCC '07

Y2 - 1 July 2007 through 4 July 2007

ER -

Enabling role-based delegation and revocation on security-enhanced Linux

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this