TY - GEN
T1 - Enabling role-based delegation and revocation on security-enhanced Linux
AU - Ahn, Gail Joon
AU - Garni, Dhruv
PY - 2007
Y1 - 2007
N2 - An increasing number of attacks experienced in existing enterprise networks and applications have recently created a huge demand for security mechanisms of operating systems. As a consequence, Security-Enhanced Linux (SELinux) was proposed by NSA and the industries have adopted SELinux at a fast rate. More and more enterprises are planning to move their business operations to such a secure computing environment, requiring the features of delegation and revocation. In this paper we seek to address the issue of how to leverage a role-based delegation in SELinux while minimizing the modification of SELinux system modules. Our approach is to utilize the flexible policy system used in SELinux that allows for custom rules to be defined for supporting access control requirements. We also demonstrate the feasibility of our framework through a proof-of-concept implementation.
AB - An increasing number of attacks experienced in existing enterprise networks and applications have recently created a huge demand for security mechanisms of operating systems. As a consequence, Security-Enhanced Linux (SELinux) was proposed by NSA and the industries have adopted SELinux at a fast rate. More and more enterprises are planning to move their business operations to such a secure computing environment, requiring the features of delegation and revocation. In this paper we seek to address the issue of how to leverage a role-based delegation in SELinux while minimizing the modification of SELinux system modules. Our approach is to utilize the flexible policy system used in SELinux that allows for custom rules to be defined for supporting access control requirements. We also demonstrate the feasibility of our framework through a proof-of-concept implementation.
UR - http://www.scopus.com/inward/record.url?scp=48049096531&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=48049096531&partnerID=8YFLogxK
U2 - 10.1109/ISCC.2007.4381574
DO - 10.1109/ISCC.2007.4381574
M3 - Conference contribution
AN - SCOPUS:48049096531
SN - 1424415217
SN - 9781424415212
T3 - Proceedings - IEEE Symposium on Computers and Communications
SP - 865
EP - 870
BT - 12th IEEE International Symposium on Computers and Communications, ISCC '07
T2 - 12th IEEE International Symposium on Computers and Communications, ISCC '07
Y2 - 1 July 2007 through 4 July 2007
ER -