Enhancing the OS against Security Threats in System Administration

Abstract: The consequences of security breaches due to system administrator errors can be catastrophic. Software systems in general, and OSes in particular, ultimately depend on a fully trusted administrator who is granted superuser privileges that allow him to fully control the system. Consequently, an administrator acting negligently or unethically can easily compromise user data in irreversible ways by leaking, modifying, or deleting data. In this paper we propose a new set of guiding principles for OS design that we call the broker security model. Our model aims to increase OS security without hindering manageability. This is achieved by a two-step process that (1) restricts administrator privileges to preclude inspection and modification of user data, and (2) allows for management tasks that are mediated by a layer of trusted programs—brokers—interposed between the management interface and system objects. We demonstrate the viability of this approach by building BrokULOS, a Linux-based OS that suppresses superuser privileges and exposes a narrow management interface consisting of a set of tailor-made brokers. Our evaluation shows that our modifications to Linux add negligible overhead to applications while preserving system manageability.
Document type:
Conference paper
Priya Narasimhan; Peter Triantafillou. 13th International Middleware Conference (MIDDLEWARE), Dec 2012, Montreal, QC, Canada. Springer, Lecture Notes in Computer Science, LNCS-7662, pp.415-435, 2012, Middleware 2012. 〈10.1007/978-3-642-35170-9_21〉
Cited literature [23 references]

https://hal.inria.fr/hal-01555541
Contributor: Hal Ifip
Submitted on: Tuesday, July 4, 2017 - 11:32:53
Last modified on: Monday, August 20, 2018 - 13:36:04
Document(s) archived on: Thursday, December 14, 2017 - 23:07:02

File

978-3-642-35170-9_21_Chapter.p...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Nuno Santos, Rodrigo Rodrigues, Bryan Ford. Enhancing the OS against Security Threats in System Administration. Priya Narasimhan; Peter Triantafillou. 13th International Middleware Conference (MIDDLEWARE), Dec 2012, Montreal, QC, Canada. Springer, Lecture Notes in Computer Science, LNCS-7662, pp.415-435, 2012, Middleware 2012. 〈10.1007/978-3-642-35170-9_21〉. 〈hal-01555541〉

Metrics

Record views: 30

File downloads: 30