
RBAC-Capability Project

Presentation on theme: "RBAC-Capability Project"— Presentation transcript:

1 RBAC-Capability Project
Design Session I
Zutao Zhu, 10/23/2009
Derived from Karthick Jayaraman's ppt

2 Agenda
- Self status check
- Summary of requirements
- Design questions:
  - Privileged user operations
  - Representing roles and capabilities
  - Session representation
  - Delegation
  - Separation of duty
  - Setuid

3 Self Status Check

4 Self Status Check
Expectations:
- Understood requirements
- Comfortable with making changes to Minix3: compiling the kernel, adding a new system call
- Familiar with important portions of the source code
Exceeding expectations:
- Finished preliminary design and started coding

5 Summary of Requirements

6 Requirements
- RBAC-Capability should co-exist with ACL.
- UA: user-role mapping
- PA: role-capability mapping
- A privileged user controls UA and PA assignment.
- A login session is an RBAC session. All processes in a login session belong to the same RBAC session.

7 Requirements - continued
- The CAP_ROLE_DELEGATE role should entitle a user to delegate his/her roles to others temporarily, and also revoke them at a later time.
- Enable, disable, and drop roles.
- Separation of duty: SSD and DSD rules.
- Supporting setuid: traditional setuid programs should work; the model should also support an equivalent of setuid in the RBAC capability model.

8 Design questions

9 Privileged User Operations
- Who is the privileged user?
- How to maintain UA and PA assignment? Where to store it? Who will update it?
- Privileged user operations: Role_Adduser, Role_Removeuser, Role_Addpermission, Role_Removepermission, Add_Role_to_Program.

10 Representing Roles and Capabilities
- Observe file-descriptor management.
- How to represent a role? What information should each role contain?
- How to represent a capability? What information should each capability contain?
- Should a process reference a role / capability?
- Information depends on role operations: ActivateRole, DeactivateRole, DropRole, DelegateRole, RevokeRole.

11 Session Representation
- RBAC session: each login session.
- A subset of user roles is active for each session.
- A user may have multiple sessions. Each session may have different roles active.
- All processes in a login session should have the same set of roles.
- How to represent a session? What does the process carry?

12 Delegation
- CAP_ROLE_DELEGATE
- Delegated roles are available to users immediately.
- User should explicitly activate delegated roles.
- The delegated roles should be available to all user sessions.

13 Separation of Duty
- Static separation of duty (SSD)
- Dynamic separation of duty (DSD)
- When to check each? How to represent the rules? Who can update the rules?
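As an added example (not the project's Minix3 code), the session, delegation and separation-of-duty questions from slides 11 to 13 modelled in Python: SSD is checked whenever the user-role relation changes (a UA update or a delegation), DSD when a session activates a role, and revoking a delegation takes effect in every session of the delegatee. The mapping of Role_Adduser / ActivateRole onto methods and all role and capability names other than CAP_ROLE_DELEGATE are assumptions.

```python
# Added model (not Minix3 code); role and capability names here are constructed.
class RbacPolicy:
    def __init__(self):
        self.ua = {}              # UA: user -> set of roles (direct assignment)
        self.pa = {}              # PA: role -> set of capabilities
        self.ssd = []             # SSD rules: role pairs no user may hold together
        self.dsd = []             # DSD rules: role pairs no session may activate together
        self.delegations = set()  # (delegator, delegatee, role); revocable later
    def roles_of(self, user):
        """Roles the user may activate: UA entries plus roles delegated to the user."""
        return self.ua.get(user, set()) | {r for _, u, r in self.delegations if u == user}

    def _check_ssd(self, user, new_role):
        # SSD is enforced when the user-role relation changes (UA update or delegation).
        held = self.roles_of(user) | {new_role}
        for a, b in self.ssd:
            if a in held and b in held:
                raise PermissionError(f"SSD: {user} may not hold both {a} and {b}")
    def add_user(self, user, role):       # Role_Adduser, a privileged-user operation
        self._check_ssd(user, role)
        self.ua.setdefault(user, set()).add(role)
    def delegate(self, session, delegatee, role):
        # Needs an active role carrying CAP_ROLE_DELEGATE plus the role itself; the
        # delegation is immediate and visible to every session of the delegatee.
        if "CAP_ROLE_DELEGATE" not in session.capabilities():
            raise PermissionError("delegator lacks CAP_ROLE_DELEGATE")
        if role not in self.roles_of(session.user):
            raise PermissionError(f"{session.user} does not hold {role}")
        self._check_ssd(delegatee, role)
        self.delegations.add((session.user, delegatee, role))
    def revoke(self, delegator, delegatee, role):
        self.delegations.discard((delegator, delegatee, role))


class Session:
    """One RBAC (login) session: every process in it shares this active role set."""
    def __init__(self, policy, user):
        self.policy, self.user, self.active = policy, user, set()
    def activate(self, role):             # ActivateRole; delegated roles need this too
        if role not in self.policy.roles_of(self.user):
            raise PermissionError(f"{self.user} cannot activate {role}")
        for a, b in self.policy.dsd:      # DSD is checked at activation time
            if {a, b} <= self.active | {role}:
                raise PermissionError(f"DSD: {a} and {b} cannot be active together")
        self.active.add(role)
    def capabilities(self):
        # PA over roles active now and still held: a revoked delegation drops out.
        live = self.active & self.policy.roles_of(self.user)
        return set().union(*(self.policy.pa.get(r, set()) for r in live))
```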

14 Setuid Mechanism
- Traditional setuid programs should work.
- How could an RBAC-aware system support a setuid-equivalent mechanism?
- What is the meaning of these system calls in the RBAC model: setuid(), seteuid()?

15 Next milestone
- Set up all kernel data structures required for supporting RBAC-capability.
- Implement all role operations.
- Should have a facility to print out all roles / capabilities for the process.
- Should be able to show the correctness of all role operations.

16 Thank you

