Enabling role-based delegation and revocation on security-enhanced Linux

Gail Joon Ahn, Dhruv Garni

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

An increasing number of attacks experienced in existing enterprise networks and applications have recently createda huge demand for security mechanisms of operating systems. As a consequence, Security-Enhance d Linux (SELinux) was proposedby NSA and the industries have adopted SELinux at a fast rate. More and more enterprises are planning to move their business operations to such a secure computing environment, requiring the features of delegation and revocation. In this paper we seek to address the issue of how to leverage a role-based delegation in SELinux while minimizing the modification of SELinux system modules. Our approach is to utilize the flexible policy system used in SELinux that allows for custom rules to be defined for supporting access control requirements. We also demonstrate the feasibility of our framework through a proof-of-concept implementation.

Original languageEnglish (US)
Title of host publication12th IEEE International Symposium on Computers and Communications, ISCC '07
Pages865-870
Number of pages6
DOIs
StatePublished - 2007
Externally publishedYes
Event12th IEEE International Symposium on Computers and Communications, ISCC '07 - Aveiro, Portugal
Duration: Jul 1 2007Jul 4 2007

Publication series

NameProceedings - IEEE Symposium on Computers and Communications
ISSN (Print)1530-1346

Other

Other12th IEEE International Symposium on Computers and Communications, ISCC '07
CountryPortugal
CityAveiro
Period7/1/077/4/07

ASJC Scopus subject areas

  • Software
  • Signal Processing
  • Mathematics(all)
  • Computer Science Applications
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Enabling role-based delegation and revocation on security-enhanced Linux'. Together they form a unique fingerprint.

Cite this