
System call -Attribute based Security control

IP.com Disclosure Number: IPCOM000210332D
Publication Date: 2011-Aug-30

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a system for system-call attribute based security control, where security is enforced based on the attribute of the command or the attribute of the system call. The core idea of our invention lies in restricting access based on the attribute of the command or the attribute of the system call. A database at the user level will be maintained, where a root user or an administrator with appropriate privileges can edit that user database. Such a user can specify restrictions on the execution of a command based on the attribute values of the command. That user database will be downloaded into the kernel, where it can be specified as the system call table. A mapping from the user database to the system call table database should then take place for further verification at the time of system call execution. All commands are finally mapped into system calls, and the attributes of the commands become the attributes of the system call at the kernel level. Once a process calls the system call, the privileges of the process are verified by the process credentials (process data structure) and the refmon syscall. Once the refmon call verification is completed, it calls system_call_table_interface for system call verification.
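As an added illustration (not code from the disclosure), the following Python model in user space walks through the two-stage check the abstract describes: a user-level restriction database is rekeyed into a syscall table, a refmon step checks the process credentials, and the syscall table step checks the attribute restriction. The function names, the sample commands, attributes, roles and syscall names are all assumptions.

```python
"""User-space model of the two-stage check from the abstract (added example,
not the disclosure's code). Names such as refmon_check and USER_DB are assumed;
all sample data is constructed."""
from dataclasses import dataclass, field

# Editable user-level database: (command, attribute, value) -> roles allowed to run it.
# Constructed sample policy.
USER_DB = {
    ("rm", "recursive", True): {"backup"},
    ("mount", "remote", True): {"storage_admin"},
}

# Command -> (syscall, command attribute -> syscall attribute): the renaming step.
COMMAND_TO_SYSCALL = {
    "rm": ("unlink", {"recursive": "recursive"}),
    "mount": ("vmount", {"remote": "remote_fs"}),
}

def build_syscall_table(user_db=USER_DB, mapping=COMMAND_TO_SYSCALL):
    """'Download' the user DB into the kernel: rekey each rule by syscall and syscall attribute."""
    table = {}
    for (cmd, attr, value), roles in user_db.items():
        syscall, attr_map = mapping[cmd]
        table[(syscall, attr_map[attr], value)] = set(roles)
    return table

@dataclass
class Process:
    """Process credentials, standing in for the kernel's process data structure."""
    uid: int
    roles: set = field(default_factory=set)
    privileges: set = field(default_factory=set)  # syscalls the process may invoke at all

def refmon_check(proc, syscall):
    """Stage 1 (refmon syscall): does the caller's credential set carry the syscall privilege?"""
    return syscall in proc.privileges

def syscall_table_check(table, proc, syscall, attrs):
    """Stage 2 (syscall table interface): every restricted attribute value needs a matching role."""
    for attr, value in attrs.items():
        allowed = table.get((syscall, attr, value))
        if allowed is not None and not (proc.roles & allowed):
            return False
    return True

def authorize(table, proc, syscall, attrs):
    """Allow only if both stages pass; an unprivileged caller never reaches the attribute check."""
    return refmon_check(proc, syscall) and syscall_table_check(table, proc, syscall, attrs)
```

A process holding the unlink privilege but not the backup role is denied `authorize(table, proc, "unlink", {"recursive": True})` yet passes the same call with `recursive` set to False, showing that the syscall privilege and the attribute restriction are checked separately.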

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 23% of the total text.

Page 01 of 10


Traditional approach to AIX administration

    The traditional approach to privileged administration in the AIX operating system has relied on a single system administrator account named "root"(super user). Reliance on a single super user for all aspects of system administration poses problems in regards to the separation of administrative duties.

    Using a single administrative account may require that the super user role is shared amongst two or more system administrators. This shared administrative approach may breach business audit guidelines in an environment that requires that all privileged system administration is attributable to a single individual.

    Sharing administration may create issues from a security perspective in which each administrator is granted complete control over the system. There was no way to limit the operations that any given administrator could perform. Since the "root" user is the most privileged user, the user could perform unauthorized operations and also be able to erase any audits of these activities, thereby making tracking of the administrative actions impossible.

    Therefore, there was a need for some mechanism to divide system duties, for which RBAC came into AIX.

Role Based Access Control (RBAC)

    A benefit of RBAC is minimizing the use of setuid/setgid programs by restricting the privileges assigned to a command to only those privileges that the command needs to execute its task.

    The Enhanced RBAC uses granular privileges and authorizations and allows the administrator the ability to configure any command on the system as a privileged command.

Enhanced RBAC consists of the following security database files:
1. Authorization Database
2. Role Database
3. Privileged Command Database
4. Privileged Device Database
5. Privileged File Database

    Authorization: When a command that is governed by an authorization is executed, access is only granted if the invoking user has the required authorization.

    Roles: With Enhanced RBAC, the behavior of roles has been further developed to provide for a separation of duty functionality. Roles have further been enhanced to support the requirement that the user must authenticate before activating the role.

    Privileges: The Privileged Command Database increases the granularity of privileges on the system, allowing explicit privileges to be granted to a command and the execution of that command to be governed by an authorization. The Privileged Command Database provides the ability to remove the dependency on setuid and setgid programs, allowing the administrator to assign commands only the privileges that are required for the successful execution of the command, without requiring a code change to the actual command.

Enhanced RBAC command execution process


Figure 1. Current Enhanced RBAC Flowchart

    When a user on an Enhanced RBAC mode system attempt...