
RBAC-Capability Project




  1. RBAC-Capability Project Design Session I Zutao Zhu 10/23/2009 Derived from Karthick Jayaraman’s ppt

  2. Agenda • Self - status check • Summary of requirements • Design questions • Privileged user operations • Representing role and capabilities • Session representation • Delegation • Separation of duty • Setuid

  3. Self Status Check

  4. Self Status Check • Expectations • Understood requirements • Comfortable with making changes to Minix3 • Compiling the kernel • Adding a new system call • Familiar with important portions of the source code. • Exceeding expectations • Finished preliminary design and started coding.

  5. Summary of Requirements

  6. Requirements • RBAC-Capability should co-exist with the existing ACL mechanism. • UA : User – role mapping • PA : Role – capability mapping • A privileged user controls UA and PA assignment. • A login session is an RBAC session. All processes in a login session belong to the same RBAC session.

  7. Requirements - continued • The CAP_ROLE_DELEGATE role should entitle a user to delegate his/her roles to others temporarily, and also to revoke them at a later time. • Enable, disable, and drop roles. • Separation of duty: • SSD and DSD rules. • Supporting setuid • Traditional setuid programs should work • Should also support an equivalent of setuid in the RBAC-capability model.

  8. Design questions

  9. Privileged User Operations • Who is the privileged user? • How to maintain the UA and PA assignments? • Where to store them? • Who will update them? • Privileged user operations • Role_Adduser, Role_Removeuser, Role_Addpermission, Role_Removepermission, Add_Role_to_Program.

  10. Representing Roles and Capabilities • Observe file-descriptor management • How to represent a role? • What information should each role contain? • How to represent a capability? • What information should each capability contain? • Should a process reference a role / capability? • Information depends on role operations • ActivateRole, DeactivateRole, DropRole, DelegateRole, RevokeRole

  11. Session Representation • RBAC Session : Each login session. • A subset of the user's roles is active for each session. • A user may have multiple sessions. • Each session may have different roles active. • All processes in a login session should have the same set of roles. • How to represent a session? • What does the process carry?

  12. Delegation • CAP_ROLE_DELEGATE • Delegated roles are available to users immediately. • User should explicitly activate delegated roles. • The delegated roles should be available to all user-sessions.

  13. Separation of Duty • Static Separation of Duty (SSD) • Dynamic separation of Duty (DSD) • When to check each? • How to represent the rules? • Who can update the rules?
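The slides on requirements, session representation, delegation and separation of duty pose the design questions without fixing an answer. The following user-space model is an added example, not code from the Minix3 project or from the presentation: it encodes UA and PA as bitmask tables, keeps the set of active roles in a per-login-session structure, enforces SSD at role assignment and DSD at role activation, and makes delegation require CAP_ROLE_DELEGATE in the delegator's session while leaving the delegated role inactive until the delegatee activates it. All role ids, capability ids, users, rules and the functions `setup_example`, `violates`, `authorized_roles` and `session_caps` are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed user-space model of the UA/PA tables, RBAC sessions, delegation
 * and SSD/DSD checks from the slides. Not a Minix3 kernel structure. */
#define MAX_USERS 4
#define MAX_ROLES 8
#define MAX_RULES 4
#define BIT(x) (1u << (x))
typedef unsigned int role_set_t;  /* bit i set => role i is in the set       */
typedef unsigned int cap_set_t;   /* bit i set => capability i is in the set */

enum { ROLE_OPERATOR, ROLE_AUDITOR, ROLE_BACKUP, ROLE_ADMIN };  /* constructed ids */
enum { CAP_READ_LOGS, CAP_WRITE_SYSTEM, CAP_ROLE_DELEGATE };    /* constructed ids */

static role_set_t UA[MAX_USERS];        /* user -> roles directly assigned */
static role_set_t delegated[MAX_USERS]; /* user -> roles delegated to them  */
static cap_set_t  PA[MAX_ROLES];        /* role -> capabilities             */
static role_set_t ssd_rules[MAX_RULES]; static int n_ssd; /* never both assigned to one user */
static role_set_t dsd_rules[MAX_RULES]; static int n_dsd; /* never both active in one session */

/* One RBAC session per login session; every process in it shares 'active'. */
struct rbac_session { int uid; role_set_t active; };
struct rbac_session sess0, sess1;   /* one login session each for users 0 and 1 */

static int violates(const role_set_t *rules, int n, role_set_t set) {
    for (int i = 0; i < n; i++)
        if ((set & rules[i]) == rules[i]) return 1;  /* whole conflicting pair present */
    return 0;
}
role_set_t authorized_roles(int uid) { return UA[uid] | delegated[uid]; }

/* Privileged-user operations. SSD is enforced here, at assignment time. */
int role_adduser(int uid, int role) {
    if (violates(ssd_rules, n_ssd, authorized_roles(uid) | BIT(role))) return -1;
    UA[uid] |= BIT(role);
    return 0;
}
int role_removeuser(int uid, int role)    { UA[uid] &= ~BIT(role); return 0; }
int role_addpermission(int role, int cap) { PA[role] |= BIT(cap);  return 0; }

/* Session role operations. DSD is enforced here, at activation time. */
int activate_role(struct rbac_session *s, int role) {
    if (!(authorized_roles(s->uid) & BIT(role))) return -1;            /* not authorized */
    if (violates(dsd_rules, n_dsd, s->active | BIT(role))) return -2;  /* DSD conflict   */
    s->active |= BIT(role);
    return 0;
}
int deactivate_role(struct rbac_session *s, int role) { s->active &= ~BIT(role); return 0; }

/* Effective capabilities = union of PA over the session's active roles only. */
cap_set_t session_caps(const struct rbac_session *s) {
    cap_set_t caps = 0;
    for (int r = 0; r < MAX_ROLES; r++)
        if (s->active & BIT(r)) caps |= PA[r];
    return caps;
}

/* Delegation needs CAP_ROLE_DELEGATE active in the delegator's session, and the
 * delegator must hold the role. The delegatee gets it in all of their sessions
 * (the table is per user) but must activate it explicitly; SSD is re-checked. */
int delegate_role(const struct rbac_session *from, int to_uid, int role) {
    if (!(session_caps(from) & BIT(CAP_ROLE_DELEGATE))) return -1;
    if (!(authorized_roles(from->uid) & BIT(role))) return -2;
    if (violates(ssd_rules, n_ssd, authorized_roles(to_uid) | BIT(role))) return -3;
    delegated[to_uid] |= BIT(role);
    return 0;
}
/* Revocation removes the authorization; a kernel version would also have to
 * deactivate the role in every live session of to_uid (sessions not tracked here). */
int revoke_role(const struct rbac_session *from, int to_uid, int role) {
    if (!(session_caps(from) & BIT(CAP_ROLE_DELEGATE))) return -1;
    delegated[to_uid] &= ~BIT(role);
    return 0;
}

/* Constructed policy: user 0 is the privileged user, user 1 an operator. */
void setup_example(void) {
    memset(UA, 0, sizeof UA); memset(delegated, 0, sizeof delegated);
    memset(PA, 0, sizeof PA); n_ssd = n_dsd = 0;
    ssd_rules[n_ssd++] = BIT(ROLE_OPERATOR) | BIT(ROLE_AUDITOR);
    dsd_rules[n_dsd++] = BIT(ROLE_BACKUP)   | BIT(ROLE_ADMIN);
    role_addpermission(ROLE_AUDITOR, CAP_READ_LOGS);
    role_addpermission(ROLE_ADMIN, CAP_WRITE_SYSTEM);
    role_addpermission(ROLE_ADMIN, CAP_ROLE_DELEGATE);
    role_adduser(0, ROLE_ADMIN); role_adduser(0, ROLE_BACKUP);
    role_adduser(1, ROLE_OPERATOR);
    sess0.uid = 0; sess0.active = 0;
    sess1.uid = 1; sess1.active = 0;
}

int main(void) {
    setup_example();
    printf("SSD violation on adduser: %d\n", role_adduser(1, ROLE_AUDITOR));
    activate_role(&sess0, ROLE_ADMIN);
    printf("DSD violation on activate: %d\n", activate_role(&sess0, ROLE_BACKUP));
    printf("delegate: %d, delegatee caps before activation: %u\n",
           delegate_role(&sess0, 1, ROLE_ADMIN), session_caps(&sess1));
    return 0;
}
```

The split between the two checks answers the slide's "when to check each?" question in the way the NIST RBAC model does: an SSD rule constrains what UA (plus delegation) may ever contain, so it is checked whenever an authorization is added; a DSD rule constrains what a single session may have active at once, so it is checked on every activation. Keeping the active set per session rather than per process is what makes every process in a login session see the same roles, and computing capabilities only from active roles is what makes "drop" and "disable" differ from simply holding a role.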

  14. Setuid Mechanism • Setuid programs • Traditional setuid programs should work. • How could an RBAC-aware kernel support a setuid-equivalent mechanism? • What is the meaning of these system calls in the RBAC model: • setuid() • seteuid()

  15. Next milestone • Set up all kernel data structures required for supporting RBAC-capability. • Implement all role operations. • Should have a facility to print out all roles / capabilities of a process. • Should be able to show the correctness of all role operations.

  16. Thank you
