A Role-Based Access Control Kernel for NetBSD
نویسنده
چکیده
This paper looks at the traditional Unix security models, and introduces the Role-Based Access Control (RBAC) security model, a much more finely-grained operation and capability system already deployed in some versions of Trusted Solaris and AIX 6. The development model is discussed, along with various approaches to bringing RBAC kernels to a modern BSD kernel. Some implementation details are then described, and lessons learned from these implementation details are discussed. Finally, the RBAC kernel itself is shown in operation, other systems are compared, and areas for future research are identified.
منابع مشابه
An Implementation of Scheduler Activations on the NetBSD Operating System
This paper presents the design and implementation of a two-level thread scheduling system on NetBSD. This system provides a foundation for efficient and flexible threads on both uniprocessor and multiprocessor machines. The work is based on the scheduler activations kernel interface proposed by Anderson et al. [1] for userlevel control of parallelism in the presence of multiprogramming and mult...
متن کاملA Machine-Independent DMA Framework for Net BSD
One of the challenges in implementing a portable kernel is finding good abstractions for semanticallysimilar operations which often have very machinedependent implementations. This is especially important on modern machines which share common architectural features, e.g. the PCI bus. This paper describes why a machine-independent DMA mapping abstraction is needed, the design considerations for ...
متن کاملMaintainability of the kernels of open-source operating systems: A comparison of Linux with FreeBSD, NetBSD, and OpenBSD
We compared and contrasted the maintainability of four open-source operating systems: Linux, FreeBSD, NetBSD, and OpenBSD. We used our categorization of common coupling in kernel-based software to highlight future maintenance problems. An unsafe definition is a definition of a global variable that can affect a kernel module if that definition is changed. For each operating system we determined ...
متن کاملA semantic-aware role-based access control model for pervasive computing environments
Access control in open and dynamic Pervasive Computing Environments (PCEs) is a very complex mechanism and encompasses various new requirements. In fact, in such environments, context information should be used in access control decision process; however, it is not applicable to gather all context information completely and accurately all the time. Thus, a suitable access control model for PCEs...
متن کاملRump File Systems: Kernel Code Reborn
When kernel functionality is desired in userspace, the common approach is to reimplement it for userspace interfaces. We show that use of existing kernel file systems in userspace programs is possible without modifying the kernel file system code base. Two different operating modes are explored: 1) a transparent mode, in which the file system is mounted in the typical fashion by using the kerne...
متن کامل