Application-Defined Decentralized Access Control

Yuanzhong Xu et al. Proc USENIX Annu Tech Conf. 2014, 395-408

Abstract

DCAC is a practical OS-level access control system that supports application-defined principals. It allows normal users to perform administrative operations within their privilege, enabling isolation and privilege separation for applications. It does not require centralized policy specification or management, giving applications freedom to manage their principals while the policies are still enforced by the OS. DCAC uses hierarchically-named attributes as a generic framework for user-defined policies such as groups defined by normal users. For both local and networked file systems, its execution time overhead is between 0% and 9% on file system microbenchmarks, and under 1% on applications. This paper shows the design and implementation of DCAC, as well as several real-world use cases, including sandboxing applications, enforcing server applications' security policies, supporting NFS, and authenticating user-defined sub-principals in SSH, all with minimal code changes.

Figures

Figure 1. Overview of processes, objects and attribute gateways in DCAC.

Figure 2. Ad hoc sharing with DCAC. Alice shares files by allowing .u.alice.g.mygrp read access. She then creates an attribute gateway allowing .u.bob to add the attribute.

Figure 3. Authentication of sub-users in our modified sshd: support for arbitrary nesting of sub-principals.

Figure 4. RAB results on local ext4 and NFSv3. 20,000 directories are created in the mkdir phase, and 100 files of 1 KB each are copied to 500 directories in the copy phase. The slowdown is relative to unmodified Linux.
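The sharing flow in the Figure 2 caption, worked through as an added example written for this page (it is not DCAC's own code and does not reproduce its kernel implementation): a small model of hierarchically-named attributes, per-object read access lists and an attribute gateway. The rules that holding an attribute gives a process authority over names nested below it (so a normal user administers only their own namespace), and that access-list and gateway matching are by exact attribute name, are assumptions of this model, as are the process names, the file path and the helper names.

```python
"""Simplified model of DCAC-style attributes, access lists and attribute gateways.

Constructed for this page to illustrate the Figure 2 scenario; it is not DCAC's
implementation. Assumptions (not from the page): an attribute name is a
dot-separated path, a process holding an attribute may mint any attribute nested
below it, and access-list / gateway matching is by exact attribute name.
"""
from dataclasses import dataclass, field


def nested_under(parent: str, child: str) -> bool:
    """True if child equals parent or lies below it (.u.alice -> .u.alice.g.mygrp)."""
    return child == parent or child.startswith(parent + ".")


@dataclass
class Process:
    name: str
    attrs: set = field(default_factory=set)

    def controls(self, attr: str) -> bool:
        # Assumption: holding an attribute gives authority over its whole sub-tree.
        return any(nested_under(held, attr) for held in self.attrs)


@dataclass
class System:
    # attribute -> set of attributes whose holders may add it (the gateway's policy)
    gateways: dict = field(default_factory=dict)
    # file path -> attribute that owns the file (controls its access list)
    owner: dict = field(default_factory=dict)
    # file path -> set of attributes granted read access
    read_acl: dict = field(default_factory=dict)

    def create_file(self, proc: Process, path: str, owner_attr: str) -> None:
        if not proc.controls(owner_attr):
            raise PermissionError(f"{proc.name} cannot create files owned by {owner_attr}")
        self.owner[path] = owner_attr
        self.read_acl[path] = {owner_attr}  # owner attribute can read by default

    def grant_read(self, proc: Process, path: str, attr: str) -> None:
        # Changing an object's access list is an administrative operation that
        # only a process controlling the owner attribute may perform.
        if not proc.controls(self.owner[path]):
            raise PermissionError(f"{proc.name} cannot change the ACL of {path}")
        self.read_acl[path].add(attr)

    def create_gateway(self, proc: Process, attr: str, allowed: set) -> None:
        # A normal user may only open a gateway for attributes in their own namespace.
        if not proc.controls(attr):
            raise PermissionError(f"{proc.name} cannot create a gateway for {attr}")
        self.gateways.setdefault(attr, set()).update(allowed)

    def add_attribute(self, proc: Process, attr: str) -> None:
        # Either the process already controls the attribute's namespace ...
        if proc.controls(attr):
            proc.attrs.add(attr)
            return
        # ... or one of the attributes it holds is listed in the gateway for attr.
        if proc.attrs & self.gateways.get(attr, set()):
            proc.attrs.add(attr)
            return
        raise PermissionError(f"{proc.name} may not add {attr}")

    def can_read(self, proc: Process, path: str) -> bool:
        return bool(proc.attrs & self.read_acl[path])


def figure2_scenario() -> dict:
    """Replays Figure 2 with constructed principals and returns the access decisions."""
    dcac = System()
    alice = Process("alice", {".u.alice"})
    bob = Process("bob", {".u.bob"})
    carol = Process("carol", {".u.carol"})
    path = "/home/alice/notes.txt"  # constructed path

    dcac.create_file(alice, path, ".u.alice")
    # Alice shares the file with her self-defined group ...
    dcac.grant_read(alice, path, ".u.alice.g.mygrp")
    # ... and lets holders of .u.bob add the group attribute via a gateway.
    dcac.create_gateway(alice, ".u.alice.g.mygrp", {".u.bob"})

    bob_before = dcac.can_read(bob, path)
    dcac.add_attribute(bob, ".u.alice.g.mygrp")
    bob_after = dcac.can_read(bob, path)

    def attempt(fn) -> bool:
        try:
            fn()
            return True
        except PermissionError:
            return False

    return {
        "alice_reads": dcac.can_read(alice, path),
        "bob_before": bob_before,
        "bob_after": bob_after,
        # Carol is not listed in the gateway, so she cannot take the attribute.
        "carol_added": attempt(lambda: dcac.add_attribute(carol, ".u.alice.g.mygrp")),
        # Bob cannot open gateways in Alice's namespace: privilege stays scoped.
        "bob_made_alice_gateway": attempt(
            lambda: dcac.create_gateway(bob, ".u.alice.g.other", {".u.carol"})),
    }


if __name__ == "__main__":
    for decision, value in figure2_scenario().items():
        print(f"{decision}: {value}")
```

The point the model makes is the one the abstract states: Alice performs two administrative operations (editing an access list, opening a gateway) without any privileged user, yet every decision is taken by the reference monitor, and nothing she does lets Bob reach beyond the one attribute she delegated.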
