TRON: Process-Specific File Protection for the UNIX Operating System

Authors

  • Andrew Berman
  • Virgil Bourassa
  • Erik Selberg
Abstract

The file protection mechanism provided in UNIX is insufficient for current computing environments. While the UNIX file protection system attempts to protect users from attacks by other users, it does not directly address the agents of destruction—executing processes. As computing environments become more interconnected and interdependent, there is increasing pressure and opportunity for users to acquire and test non-secure, and possibly malicious, software. We introduce TRON, a process-level discretionary access control system for UNIX. TRON allows users to specify capabilities for a process’ access to individual files, directories, and directory trees. These capabilities are enforced by system call wrappers compiled into the operating system kernel. No privileged system calls, special files, system administrator intervention, or changes to the file system are required. Existing UNIX programs can be run without recompilation under TRON-enhanced UNIX. Thus, TRON improves UNIX security while maintaining current standards of flexibility and openness.

Similar resources

Measuring and Improving Memory’s Resistance to Operating System Crashes

Memory is commonly viewed as an unreliable place to store permanent data because it is perceived to be vulnerable to system crashes. Yet despite all the negative implications of memory’s unreliability, no data exists that quantifies how vulnerable memory actually is to system crashes. The goals of this paper are to quantify the vulnerability of memory to operating system crashes and to propose...

An Object Model for Conventional Operating Systems

We have developed an object model for conventional (UNIX-like) systems. It can be used for extending such systems with persistent, shared, protected, and distributed objects. It allows objects to coexist with, access, and be accessed by existing components of the operating system, and has been developed by applying much of the work done in naming, organization, access, and protection of convent...

Observing Operating System Behavior using /proc

What is a /proc File System? The /proc file system isn't a file system in the standard sense. Rather, the /proc file system is an interface to the address space of running processes. With /proc, you can use standard UNIX system calls (e.g., open(), read(), write(), and ioctl()) to query or manipulate the processes' address space. In fact, the Solaris ps(1) command uses /proc to determine the ...

Confining Root Programs with Domain and Type Enforcement

The pervasive use of the root privilege is a central problem for UNIX security because an attacker who subverts a single root program gains complete control over a computing system. Domain and type enforcement (DTE) is a strong, configurable operating system access control technology that can minimize the damage root programs can cause if subverted. DTE does this by preventing group...

An Analysis of UNIX System Configuration

Management of operating system configuration files is an essential part of UNIX systems administration. It is particularly difficult in environments with a large number of computers. This paper presents a study of UNIX configuration file management. It compares existing systems and tools from the literature, presents several case studies of configuration file management in practice, exami...

Publication date: 1995