Title :
Enabling Role-Based Delegation and Revocation on Security-Enhanced Linux
Author :
Ahn, Gail-Joon ; Garni, D.
Author_Institution :
Univ. of North Carolina, Charlotte
Abstract :
An increasing number of attacks experienced in existing enterprise networks and applications have recently created a huge demand for security mechanisms of operating systems. As a consequence, security-enhanced Linux (SELinux) was proposed by NSA and the industries have adopted SELinux at a fast rate. More and more enterprises are planning to move their business operations to such a secure computing environment, re quiring the features of delegation and revocation. In this paper we seek to address the issue of how to leverage a role-based delegation in SELinux while minimizing the modification of SELinux system modules. Our approach is to utilize the flexible policy system used in SELinux that allows for custom rules to be defined for supporting access control requirements. We also demonstrate the feasibility of our framework through a proof-of-concept implementation.
Keywords :
Linux; authorisation; access control; role-based delegation; security-enhanced Linux; Access control; Collaboration; Electrical equipment industry; Information security; Kernel; Labeling; Large-scale systems; Linux; Operating systems; Prototypes;
Conference_Titel :
Computers and Communications, 2007. ISCC 2007. 12th IEEE Symposium on
Conference_Location :
Aveiro
Print_ISBN :
978-1-4244-1520-5
Electronic_ISBN :
1530-1346
DOI :
10.1109/ISCC.2007.4381574
