
Security attributes in Extended Attributes for an Object on RBAC system.

IP.com Disclosure Number: IPCOM000174551D
Original Publication Date: 2008-Sep-15
Included in the Prior Art Database: 2008-Sep-15
Document File: 2 page(s) / 66K

Publishing Venue

IBM

Abstract

Disclosed is a solution for the effective management of privileges for an application in the RBAC model.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 59% of the total text.



Authors -- Vidya Ranganathan, Madhusudanan Kandasamy.

Role Based Access Control (RBAC) is a well-known technology that applies the principle of least privilege. It lets ordinary users run programs carrying security attributes that would otherwise be reserved to the superuser. By granting users access to specific privileged processes, RBAC lets administrators delegate superuser-level jobs without handing out the root account: the superuser's capabilities are broken into roles, and the roles are granted to users as needed.

The elements of an RBAC system are:

Authorizations
Privileges
Roles

In the RBAC environment described above, the privileged command database is a flat ASCII file. It contains the privileged commands and their security attributes. Each stanza in the privileged command database is identified by the full path name of the command followed by a colon (:). The path name must be the absolute path to the command; it cannot contain symbolic-link directories and cannot itself be a symbolic link to the command.
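The stanza format and the path rule described above, as an added example (not IBM's code): a parser for a flat-file privileged command database in the AIX privcmds style, plus a filesystem check that rejects relative paths, symbolic-link directories in the prefix, and a command that is itself a symbolic link. The sample database contents and the scratch directory tree are constructed for the demonstration; the attribute names mirror AIX's but carry no meaning here.

```python
"""Parser for the flat-file privileged command database described above,
plus a check for its path rule.  Added example, not IBM's code: the stanza
layout and attribute names follow the AIX privcmds style, and the sample
file contents are constructed for the demonstration."""
import os
import shutil
import tempfile
from typing import Dict, List

# Constructed sample database: one stanza per command, the stanza name is
# the absolute path followed by ':' and each attribute holds a list of values.
SAMPLE_PRIVCMDS = """\
# privileged commands and their security attributes (constructed sample)
/usr/sbin/mount:
        accessauths = aix.fs.manage.mount
        innateprivs = PV_FS_MOUNT,PV_DAC_R,PV_DAC_W
        secflags = FSF_EPS

/usr/sbin/shutdown:
        accessauths = aix.system.boot.shutdown
        innateprivs = PV_PROC_PRIV,PV_DAC_R
"""


def parse_privcmds(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Return {command path: {attribute: [values]}} for a stanza file.

    A stanza header is a line that ends in ':' and contains no '='; its body
    must be a normalized absolute path.  Attribute lines are 'name = v1,v2'
    and belong to the most recent header.  Blank and '#' lines are skipped."""
    db: Dict[str, Dict[str, List[str]]] = {}
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith(":") and "=" not in line:
            current = line[:-1]
            if not os.path.isabs(current) or os.path.normpath(current) != current:
                raise ValueError(f"line {lineno}: stanza name must be a normalized "
                                 f"absolute path: {current!r}")
            db[current] = {}
            continue
        if current is None or "=" not in line:
            raise ValueError(f"line {lineno}: attribute outside a stanza: {raw!r}")
        name, _, value = line.partition("=")
        db[current][name.strip()] = [v.strip() for v in value.split(",") if v.strip()]
    return db


def path_is_acceptable(path: str) -> bool:
    """Apply the database's path rule to a path on the live filesystem:
    absolute and normalized, no symbolic-link directory in the prefix, and
    the command itself is not a symbolic link."""
    if not os.path.isabs(path) or os.path.normpath(path) != path:
        return False
    parts = path.split(os.sep)       # '/usr/sbin/mount' -> ['', 'usr', 'sbin', 'mount']
    for i in range(2, len(parts)):   # check '/usr', '/usr/sbin', ... but not the command
        if os.path.islink(os.sep.join(parts[:i])):
            return False
    return not os.path.islink(path)


def demo_symlink_checks() -> Dict[str, bool]:
    """Build a small tree (real dir, symlinked dir, symlinked command) under a
    temporary directory and report what path_is_acceptable says about each."""
    base = os.path.realpath(tempfile.mkdtemp(prefix="privcmds-"))
    try:
        real_dir = os.path.join(base, "bin")
        os.mkdir(real_dir)
        cmd = os.path.join(real_dir, "cmd")
        open(cmd, "w").close()
        link_dir = os.path.join(base, "sbin")
        os.symlink(real_dir, link_dir)                  # sbin -> bin
        link_cmd = os.path.join(real_dir, "cmd-alias")
        os.symlink(cmd, link_cmd)                       # bin/cmd-alias -> bin/cmd
        return {
            "real_command": path_is_acceptable(cmd),
            "via_symlinked_dir": path_is_acceptable(os.path.join(link_dir, "cmd")),
            "symlinked_command": path_is_acceptable(link_cmd),
            "relative": path_is_acceptable("bin/cmd"),
        }
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for path, attrs in parse_privcmds(SAMPLE_PRIVCMDS).items():
        print(path, attrs)
    print(demo_symlink_checks())
```

The symlink rule matters because the database keys on the path string: if a symlinked directory or command were accepted, two different strings would name the same binary, and a stanza written for one of them would silently not apply to the other.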

With this model, when a program is moved to a different location it loses its standing as a privileged command and can no longer be executed with its privileges in the RBAC system, because its database entry is keyed by the original path. This is a drawback.

To address this problem, the privileges and security attributes of an object in an RBAC environment can be placed in its Extended Attributes. For manipulation of extended attributes, the getEA and setEA calls / utilities can...
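The drawback and the proposed fix side by side, as an added example that is not IBM's code: the flat-file model is a dictionary keyed by the absolute path, the extended-attribute model stores the same attributes on the object itself, and the demonstration moves a constructed stand-in command and shows that only the second lookup still finds its privileges. The text names the getEA and setEA calls; this example substitutes the Linux os.getxattr/os.setxattr interface, and the attribute name `user.rbac.secattrs` is an assumption.

```python
"""Keep a command's security attributes on the object itself, in an extended
attribute, so that they survive a move.  Added example, not IBM's code: the
text names the getEA/setEA calls, and this stand-in uses the Linux
os.getxattr/os.setxattr interface with the assumed attribute name
'user.rbac.secattrs'; the sample command and privileges are constructed."""
import errno
import json
import os
import shutil
import tempfile
from typing import Dict, List, Optional, Tuple

XATTR_NAME = "user.rbac.secattrs"   # assumed name; a real system would choose its own

Attrs = Dict[str, List[str]]


def set_security_attrs(path: str, attrs: Attrs) -> None:
    """Write the attribute dictionary to the object as a JSON-encoded xattr."""
    os.setxattr(path, XATTR_NAME, json.dumps(attrs, sort_keys=True).encode())


def get_security_attrs(path: str) -> Optional[Attrs]:
    """Read the attributes back; None when the object carries none."""
    try:
        return json.loads(os.getxattr(path, XATTR_NAME))
    except OSError as e:
        if e.errno == errno.ENODATA:
            return None
        raise


def resolve_privileges(path: str, privcmds_db: Dict[str, Attrs]) -> Tuple[Optional[str], Optional[Attrs]]:
    """Flat-file lookup first (keyed by the exact absolute path, as the
    privileged command database is), then the object's own extended
    attribute.  Returns (source, attrs) or (None, None)."""
    attrs = privcmds_db.get(path)
    if attrs is not None:
        return "privcmds", attrs
    attrs = get_security_attrs(path)
    if attrs is not None:
        return "xattr", attrs
    return None, None


def demo_move_preserves_attrs() -> dict:
    """Create a fake privileged command, register it both ways, move it, and
    record what each lookup sees.  The scratch directory is created under the
    current directory (falling back to the system temp dir) because some
    temporary filesystems do not support user xattrs; that case is reported in
    the result rather than raised."""
    try:
        base = tempfile.mkdtemp(prefix="rbac-ea-", dir=os.getcwd())
    except OSError:
        base = tempfile.mkdtemp(prefix="rbac-ea-")
    try:
        old_dir = os.path.join(base, "usr", "sbin")
        new_dir = os.path.join(base, "opt", "tools")
        os.makedirs(old_dir)
        os.makedirs(new_dir)
        old_path = os.path.join(old_dir, "mount")
        with open(old_path, "w") as f:
            f.write("#!/bin/sh\necho mount\n")      # constructed stand-in command
        attrs: Attrs = {"accessauths": ["aix.fs.manage.mount"],
                        "innateprivs": ["PV_FS_MOUNT", "PV_DAC_R"]}
        db = {old_path: attrs}                       # the flat-file model, keyed by path
        result = {"before_move": resolve_privileges(old_path, db)}
        try:
            set_security_attrs(old_path, attrs)
        except OSError as e:
            if e.errno in (errno.ENOTSUP, errno.EOPNOTSUPP):
                result["xattr_supported"] = False
                return result
            raise
        result["xattr_supported"] = True
        new_path = os.path.join(new_dir, "mount")
        shutil.move(old_path, new_path)              # rename, or copy2 (keeps xattrs) across filesystems
        result["db_after_move"] = db.get(new_path)
        result["xattr_after_move"] = get_security_attrs(new_path)
        result["after_move"] = resolve_privileges(new_path, db)
        return result
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for key, value in demo_move_preserves_attrs().items():
        print(f"{key}: {value}")
```

Two points a practitioner would check before adopting this: the `user.*` xattr namespace on Linux is writable by the file's owner, so an unprivileged user could tag a binary of their own with privileges; a real implementation must keep the attribute in a namespace that only a privileged process can write and have the kernel, not the caller, read it. And the attributes only follow the object through operations that preserve extended attributes (a rename, or a copy made with a tool that copies xattrs); a copy that drops them leaves a command that silently runs without privileges.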