Browse Prior Art Database

Method of restricting access to Inter Process Communications Mechanisms using Public Key Cryptography

IP.com Disclosure Number: IPCOM000013746D
Original Publication Date: 2000-Mar-01
Included in the Prior Art Database: 2003-Jun-18
Document File: 2 page(s) / 38K

Publishing Venue

IBM

Abstract

Method of restricting access to Inter Process Communications Mechanisms using Public Key Cryptography With the explosive growth of the Internet, security concern are becoming more important daily. These concerns require computing systems to have more robust access controls than the classical User/Group/Other methods incorporated in traditional Unix systems can provide. With applications being built of component processes that interact with interprocess communications (IPC’s) (i.e. Shared Memory, Message Queues, and Semaphores), the classical access methods allow individuals who obtain unauthorized entry into a system to have catastrophic effects on the subsystems through subsequent unsanctioned access to the IPC data structures. We will show how to use digital certificates to control such accesses and eliminate the threats of unknown attackers. Restricting access to IPC’s via digital certificates and signatures allows the operating system to authenticate processes attempting to access system IPCs. Using the shared memory IPC as an example we will compare the classic vs. the proposed certificate based access control.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 52% of the total text.

Page 1 of 2

Method of restricting access to Inter Process Communications Mechanisms

using Public Key Cryptography

With the explosive growth of the Internet, security
concern are becoming more important daily. These
concerns require computing systems to have more
robust access controls than the classical
User/Group/Other methods incorporated in
traditional Unix systems can provide. With
applications being built of component processes
that interact with interprocess communications
(IPC's) (i.e. Shared Memory, Message Queues, and
Semaphores), the classical access methods allow
individuals who obtain unauthorized entry into a
system to have catastrophic effects on the
subsystems through subsequent unsanctioned access
to the IPC data structures. We will show how to
use digital certificates to control such accesses
and eliminate the threats of unknown attackers.

Restricting access to IPC's via digital
certificates and signatures allows the operating
system to authenticate processes attempting to
access system IPCs. Using the shared memory IPC as
an example we will compare the classic vs. the
proposed certificate based access control.

In the classic IPC model, a process creates the IPC
(assigning file based access authority). Other
processes then "attach" to the shared memory. The
operating system restricts what operations the
process can perform based on the user id and group
id of the process, and the permissions set when the
IPC is created. This is sufficient, provided a
malicious intruder does not obtain access as either
root (allowin...