Mandatory Access Control implantation against potential NFS vulnerabilities

Author

Blanc, Mathieu ; Guérin, Kévin ; Lalande, Jean-François ; Port, Vincent Le

Author_Institution

CEA, DIF, Arpajon

fYear

2009

fDate

18-22 May 2009

Firstpage

195

Lastpage

200

Abstract

This paper proposes a technical solution for protecting users using a shared NFS service possibly controlled by a malicious user. The main goal is to protect the integrity and confidentiality of user´s resources. Moreover, we propose to solve a more difficult challenge: how to prevent a malicious user from exploiting a supposed NFS vulnerability in order to read or write the resources of another user? Thus, this paper assumes that a vulnerability might exist in the NFS protocol or software components that gives the ability to a malicious user to execute any arbitrary code on the NFS server. Technical details about the implantation of mandatory access control mechanisms with multi categories on the server side are given. The proposed solution avoids heavy modifications of the clients and only relies on the authentication of these clients.

Keywords

authorisation; data integrity; message authentication; object-oriented programming; NFS vulnerability; authentication; data integrity; malicious user; mandatory access control implantation; network file system; software component; Access control; Access protocols; Authentication; File servers; File systems; Interference; Internet; Network servers; Protection; Web server; MCS; Mandatory Access Control; NFS; SELinux;

fLanguage

English

Publisher

ieee

Conference_Titel

Collaborative Technologies and Systems, 2009. CTS '09. International Symposium on

Conference_Location

Baltimore, MD

Print_ISBN

978-1-4244-4584-4

Electronic_ISBN

978-1-4244-4586-8

Type

conf

DOI

10.1109/CTS.2009.5067481

Filename

5067481