RBAC-Capability Project Design Session II Zutao Zhu Derived from Karthick Jayaraman
Agenda • Announcements • Design questions • Delegation • Separation of duty • Setuid • Task list for project
Notices • Design session I minutes are online. • Design document • Due on Monday, Nov 5, 2009 • You may just summarize your plan for each design section. • Please do not make an elaborate document.
Delegation • CAP_ROLE_DELEGATE • Delegated roles become available to the delegatee immediately, but they are not active by default: the user must explicitly activate a delegated role. • The delegated roles should be available in all of the user's sessions. • Delegation ends when the machine reboots or when the delegating user revokes the delegation. • Revocation: revoking a delegation chain (A delegates to B, B delegates onward to C) is the hard case.
Delegation - continued • Questions: • Where are delegated roles stored (alongside the UA relation, or in a separate table)? • How are SSD and DSD enforced for a delegation? • How is revocation done, including revocation of a whole chain?
Separation of Duty • Static Separation of Duty (SSD): constrains which roles a user may hold. • Dynamic Separation of Duty (DSD): constrains which roles may be active at the same time in one session. • When is each checked? • How are the rules represented? • Who may update the rules? • Can the rules change frequently?
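The following is an added example, not code from the project or from the MINIX kernel, that gives one concrete answer to the delegation and separation-of-duty questions on the previous slides. It is a user-space toy: fixed-size arrays stand in for the kernel tables, and all names (role_set_t, struct delegation, effective_roles, delegate, revoke) and the sample roles and users are assumptions. Delegated roles live in their own table rather than in the UA relation; SSD rules are checked when a role is assigned and when it is delegated; DSD rules are checked when a session enables a role; and each delegation records the delegation it was derived from, so revoking one cascades down the chain and clears the role from every affected session.

```c
/* Toy model of the RBAC-Capability design: UA relation, per-session active
 * role sets, SSD/DSD rules in NIST form, and a delegation table whose
 * records link back to the delegation they derive from. Hypothetical names
 * and layouts; this is not the project's MINIX kernel code. */
#include <stdbool.h>
#include <stdint.h>

#define MAX_USERS    8
#define MAX_SESSIONS 8
#define MAX_DELEG    16
#define MAX_RULES    8

typedef uint32_t role_set_t;             /* bit r set => role r is a member */
#define ROLE_BIT(r) ((role_set_t)1u << (r))

enum { R_CLERK, R_AUDITOR, R_MANAGER };  /* sample roles (constructed) */
enum { U_ALICE, U_BOB, U_CAROL };        /* sample users (constructed) */

/* Of the roles in 'set', a user may hold (SSD) or a session may activate
 * (DSD) fewer than 'n'. */
struct sod_rule   { role_set_t set; int n; };
struct session    { int uid; role_set_t active; bool in_use; };
/* from_uid hands 'role' to to_uid; 'parent' is the delegation through which
 * from_uid obtained the role, or -1 if it holds the role through UA. */
struct delegation { int from_uid, to_uid, role, parent; bool alive; };

static role_set_t        ua[MAX_USERS];          /* user-role assignment */
static struct sod_rule   ssd[MAX_RULES], dsd[MAX_RULES];
static int               n_ssd, n_dsd;
static struct session    sessions[MAX_SESSIONS];
static struct delegation delegs[MAX_DELEG];      /* delegated roles live here */
static int               n_delegs;

static int popcount32(role_set_t s) { int c = 0; for (; s; s &= s - 1) c++; return c; }

/* true if holding/activating 'held' would break any rule in 'rules' */
static bool sod_violated(const struct sod_rule *rules, int n, role_set_t held) {
    for (int i = 0; i < n; i++)
        if (popcount32(held & rules[i].set) >= rules[i].n) return true;
    return false;
}
static int add_rule(struct sod_rule *t, int *cnt, role_set_t set, int n) {
    if (*cnt == MAX_RULES) return -1;
    t[*cnt].set = set; t[*cnt].n = n; (*cnt)++; return 0;
}
int add_ssd_rule(role_set_t set, int n) { return add_rule(ssd, &n_ssd, set, n); }
int add_dsd_rule(role_set_t set, int n) { return add_rule(dsd, &n_dsd, set, n); }

/* Roles a user may activate in any of its sessions: UA plus live delegations. */
role_set_t effective_roles(int uid) {
    role_set_t s = ua[uid];
    for (int i = 0; i < n_delegs; i++)
        if (delegs[i].alive && delegs[i].to_uid == uid) s |= ROLE_BIT(delegs[i].role);
    return s;
}
/* UA assignment; SSD is checked here against everything the user already
 * holds, delegated roles included. Returns 0, or -2 on an SSD violation. */
int ua_assign(int uid, int role) {
    if (sod_violated(ssd, n_ssd, effective_roles(uid) | ROLE_BIT(role))) return -2;
    ua[uid] |= ROLE_BIT(role);
    return 0;
}
/* Open a session with no active roles; returns its index, or -1 if full. */
int session_open(int uid) {
    for (int i = 0; i < MAX_SESSIONS; i++)
        if (!sessions[i].in_use) {
            sessions[i].uid = uid; sessions[i].active = 0; sessions[i].in_use = true;
            return i;
        }
    return -1;
}
role_set_t session_active(int sid) { return sessions[sid].active; }

/* Enable a role: it must be held (assigned or delegated) and DSD is checked
 * against the session's active set. Returns 0, -1 if not held, -2 on DSD. */
int role_enable(int sid, int role) {
    struct session *s = &sessions[sid];
    if (!s->in_use || !(effective_roles(s->uid) & ROLE_BIT(role))) return -1;
    if (sod_violated(dsd, n_dsd, s->active | ROLE_BIT(role))) return -2;
    s->active |= ROLE_BIT(role);
    return 0;
}
int role_disable(int sid, int role) { sessions[sid].active &= ~ROLE_BIT(role); return 0; }

/* Delegate 'role' from 'from' to 'to'. 'via' is the delegation index through
 * which 'from' holds the role, or -1 if it holds it through UA. The delegatee
 * is subject to SSD as if the role were assigned. Returns the new delegation
 * index, -1 if 'from' does not hold the role, -2 on an SSD violation. */
int delegate(int from, int to, int role, int via) {
    bool held = (via < 0) ? (ua[from] & ROLE_BIT(role)) != 0
              : (via < n_delegs && delegs[via].alive && delegs[via].to_uid == from
                 && delegs[via].role == role);
    if (!held || n_delegs == MAX_DELEG) return -1;
    if (sod_violated(ssd, n_ssd, effective_roles(to) | ROLE_BIT(role))) return -2;
    delegs[n_delegs] = (struct delegation){ from, to, role, via, true };
    return n_delegs++;
}
/* Revoke a delegation and every delegation derived from it, then drop roles
 * that are no longer held from every session of every user. */
void revoke(int idx) {
    if (idx < 0 || idx >= n_delegs || !delegs[idx].alive) return;
    delegs[idx].alive = false;
    for (int i = 0; i < n_delegs; i++)
        if (delegs[i].alive && delegs[i].parent == idx) revoke(i);
    for (int i = 0; i < MAX_SESSIONS; i++)
        if (sessions[i].in_use) sessions[i].active &= effective_roles(sessions[i].uid);
}
```

Two design choices are worth noticing. A delegation is checked against SSD for the delegatee exactly as an assignment would be, so a user who may not hold two roles statically cannot acquire the second one by delegation; and a delegated role is not placed in any session's active set, so the delegatee still has to go through role_enable and the DSD check. The parent link is what makes chain revocation cheap: revoking delegation 0 invalidates delegation 1 derived from it without searching by user or role. A kernel version would hang the session off the process table entry (fproc in MINIX) rather than a uid-indexed array, and would have to decide what happens to a running process whose active role was just revoked.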
Setuid Mechanism • Setuid programs • Traditional setuid programs should keep working. • Set-owner-role program: how could an RBAC-aware system support a setuid-equivalent mechanism, where executing the program grants the owner's role rather than the owner's uid? • Do we need a different identification mechanism (beyond the setuid mode bit) for a set-owner-role program?
Setuid Mechanism - Continued • What is the meaning of these system calls in the RBAC model: • setuid() • seteuid() • Should these system calls be allowed for a set-owner-role program?
Stages • Implementing commands for UA (user-role) and PA (permission-role) assignment. • Defining all kernel-level data structures required for supporting RBAC-Capability. • Representing roles and capabilities. • Representing sessions. • Additional data structure(s) to support delegation. • Changes to the fproc structure. • Changing login.c to set up a session.
Stages - continued • Implementing role operations: Enable / Disable / Drop session. • Implementing delegation. • Writing functions and commands to check SSD and DSD rules. • Supporting set-owner-role programs. • Changes to the reference monitor.
Next milestone • Set up all kernel data structures required for supporting RBAC-Capability. • Implement all role operations. • Provide a facility to print out all roles / capabilities of a process. • Be able to demonstrate the correctness of all role operations.