Access Control in GAIA Operating System

GAIA is an OS for ubiquitous systems, built at the middleware level over the native participating OS. It has a context-aware file system: each file is encapsulated in a container and has some context variables defined for it.

Presentation Transcript


  1. Access Control in GAIA Operating System

  2. GAIA
     • OS for ubiquitous systems.
     • Built at the middleware level, over the native participating OS.
     • It has a context-aware file system.
     • Each file is encapsulated in a container.
     • Each file has some context variables defined for it.

  3. Context File System of GAIA

         <CFS:Storage>
           <CFS:Owner>Munawar</CFS:Owner>
           <CFS:Host>srg181</CFS:Host>
           <CFS:Path>c:\Temp\15687</CFS:Path>
           <CFS:Context>
             <CFS:Type>situation</CFS:Type>
             <CFS:Value>class-presentation</CFS:Value>
           </CFS:Context>
           <CFS:Context>
             <CFS:Type>location</CFS:Type>
             <CFS:Value>106B1-Engg Hall</CFS:Value>
           </CFS:Context>
         </CFS:Storage>

  4. Problem Statement: Implement cryptographic access control for GAIA's Context File System.
     • Identifying the user making the request.
     • General problem of cryptographic access control.

  5. The whole problem is a jigsaw puzzle: it is a matter of putting the pieces in the right positions and making the correct decisions to get the whole solution.

  6. Client Side Support: At this point all users make requests as root when accessing files, so the client-side CORBA interceptor should have a mechanism for including the user ID with every file access request. Decision 1: add the user ID to every file access request.

  7. Communication between client and server should be secure: We would use OpenSSH for the crypto solution and some key-generation protocol for session key management. An existing protocol like Otway-Rees would be used.

  8. Maintaining the Access Control List: Add an additional field to the XML definition for each file:

         <CFS:Privilege>rwxr--r-x</CFS:Privilege>

     Looks a lot like UNIX! We have to implement some user and group management scheme like UNIX.

  9. File Access Policies: Clients have different native OSes, so files should undergo filtering before being sent to clients. A filtering mechanism already exists; some augmentation may be necessary.

  10. Credentials: GAIA AS provides credentials. Jalal is working on this. We would be using his component.

  11. Everything in middleware

  12. Current Activities
      • Creating a draft of the design
      • Going through the code
      • And a lot of reading materials, phew…

  13. Almost left out an important point: where are we putting the privilege information, and how do we secure it?

  14. Suggestions and Questions ??
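
The check that slides 6 and 8 imply, as an added example that is not code from the presentation or from GAIA: the user ID carried with a request is evaluated against the UNIX-style `CFS:Privilege` string in the file's XML descriptor, and a missing or malformed field denies access. The namespace URI, the group table, and the users `alice` and `guest` are assumptions, since the slides only say that a user and group scheme is needed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: slide 3's descriptor plus slide 8's Privilege field.
# The namespace URI is a placeholder; the slides never declare one.
NS = {"CFS": "urn:example:cfs"}
DESCRIPTOR = """<CFS:Storage xmlns:CFS="urn:example:cfs">
  <CFS:Owner>Munawar</CFS:Owner>
  <CFS:Host>srg181</CFS:Host>
  <CFS:Path>c:\\Temp\\15687</CFS:Path>
  <CFS:Privilege>rwxr--r-x</CFS:Privilege>
</CFS:Storage>"""

# Hypothetical group scheme (assumption): one group associated with the file.
OWNER_GROUP = "srg"
GROUPS = {"srg": {"Munawar", "alice"}}

# Exactly three rwx triplets; anything else is treated as malformed.
PRIV_RE = re.compile(r"(?:[r-][w-][x-]){3}")


def is_allowed(descriptor_xml, user_id, op):
    """Return True if user_id may perform op ('r', 'w' or 'x') on the file."""
    if op not in ("r", "w", "x") or not user_id:
        return False
    try:
        root = ET.fromstring(descriptor_xml)
    except ET.ParseError:
        return False  # unparseable descriptor: deny
    owner = root.findtext("CFS:Owner", default="", namespaces=NS).strip()
    priv = root.findtext("CFS:Privilege", default="", namespaces=NS).strip()
    if not owner or not PRIV_RE.fullmatch(priv):
        return False  # missing or malformed field: deny, never default-allow
    # Pick exactly one triplet, as UNIX does: owner, else group, else other.
    if user_id == owner:
        triplet = priv[0:3]
    elif user_id in GROUPS.get(OWNER_GROUP, set()):
        triplet = priv[3:6]
    else:
        triplet = priv[6:9]
    return op in triplet


if __name__ == "__main__":
    for user in ("Munawar", "alice", "guest"):
        print(user, {op: is_allowed(DESCRIPTOR, user, op) for op in "rwx"})
```

The decision is only as trustworthy as the descriptor and the user ID it is given, which is the question slide 13 raises about where the privilege information lives and how it is secured.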
