RBAC-Capability Project: Design Session II. Zutao Zhu, derived from Karthick Jayaraman

Post on 08-Jan-2018


RBAC-Capability Project
Design Session II

Zutao Zhu

Derived from Karthick Jayaraman

Agenda
• Announcements
• Design questions
  ◦ Delegation
  ◦ Separation of duty
  ◦ Setuid
• Task list for project

NOTICES

Notices
• Design session I minutes are online.
• Design document
  ◦ Due on Monday, Nov 5, 2009
  ◦ You may just summarize your plan for each design section.
  ◦ Please do not make an elaborate document.

DESIGN QUESTIONS

Delegation
• CAP_ROLE_DELEGATE
• Delegated roles are available to users immediately.
• User should explicitly activate delegated roles.
• The delegated roles should be available to all user-sessions.
• Delegation ends when machine reboots or the delegating user revokes the delegation.
• Revocation: Revoking a delegation chain is a challenge.

Delegation - continued
• Questions:
  ◦ Where to store delegated roles?
  ◦ How to enforce SSD and DSD for a delegation?
  ◦ How to do revocation?
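
One way to picture the chain-revocation problem from the Delegation slides, as an added example that is not part of the original slides or the project's code. The table layout, the function names, and the rule that a user who already has a role cannot receive it again (which keeps chains acyclic so the cascade terminates) are all assumptions; CAP_ROLE_DELEGATE and the SSD/DSD checks are not modelled.

```c
enum { MAX_USERS = 8, MAX_DELEG = 16 };
static unsigned ua[MAX_USERS]; /* constructed model: direct roles, one bit per role */
/* Kept in memory only, so every delegation ends at reboot. */
static struct { int used, from, to, active; unsigned role; } tab[MAX_DELEG];
/* Index of the delegation that gives uid the role, or -1. */
static int grant_of(int uid, unsigned role) {
    for (int i = 0; i < MAX_DELEG; i++)
        if (tab[i].used && tab[i].to == uid && tab[i].role == role) return i;
    return -1;
}
/* Available = assigned directly or received by delegation. */
int available(int uid, unsigned role) {
    if (uid < 0 || uid >= MAX_USERS) return 0;
    return (ua[uid] & role) != 0 || grant_of(uid, role) >= 0;
}
/* A delegated role stays inactive until the receiver activates it. */
int activate(int uid, unsigned role) {
    int i = grant_of(uid, role);
    return i < 0 ? -1 : (tab[i].active = 1, 0);
}
int is_active(int uid, unsigned role) {
    int i = grant_of(uid, role);
    return i >= 0 && tab[i].active;
}
/* Refusing a target that already has the role keeps chains acyclic. */
int delegate(int from, int to, unsigned role) {
    if (to < 0 || to >= MAX_USERS || !available(from, role) || available(to, role)) return -1;
    for (int i = 0; i < MAX_DELEG; i++)
        if (!tab[i].used) {
            tab[i].used = 1; tab[i].from = from; tab[i].to = to;
            tab[i].role = role; tab[i].active = 0;
            return 0;
        }
    return -1; /* table full */
}
/* Revoke from->to, then cascade through everything `to` re-delegated. */
int revoke(int from, int to, unsigned role) {
    int i = grant_of(to, role);
    if (i < 0 || tab[i].from != from) return -1; /* only the delegator may revoke */
    tab[i].used = 0;
    for (int j = 0; j < MAX_DELEG; j++)
        if (tab[j].used && tab[j].from == to && tab[j].role == role)
            revoke(to, tab[j].to, role);
    return 0;
}
int main(void) { /* constructed chain 0 -> 1 -> 2; revoke the first hop */
    ua[0] = 1u; delegate(0, 1, 1u); delegate(1, 2, 1u); revoke(0, 1, 1u);
    return available(2, 1u); /* exit status 0: the cascade reached user 2 */
}
```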

Separation of Duty
• Static Separation of Duty (SSD)
• Dynamic Separation of Duty (DSD)
• When to check each?
• How to represent the rules?
• Who can update the rules?
• Can the rules keep changing often?

Setuid Mechanism
• Setuid programs
• Traditional setuid programs should work.
• Set-owner-role program: How could a RBAC-aware support a setuid equivalent mechanism?
• Do we need a different identification mechanism for set-owner-role program?

Setuid Mechanism - Continued
• What is the meaning of these system calls in the RBAC model:
  ◦ setuid()
  ◦ seteuid()
• Should these system calls be allowed for a set-owner-role program?

STAGES IN PROJECT

Stages
• Implementing commands to do UA and PA assignment.
• Defining all kernel level data structures required for supporting RBAC-Capability.
  ◦ Representing roles and capabilities.
  ◦ Representing session.
  ◦ Additional data structure(s) to support delegation.
  ◦ Changes to fproc structure.
• Changing login.c to set up a session.

Stages - continued
• Implementing role operations: Enable / Disable / and Drop session.
• Implementing delegation.
• Writing functions and commands to check SSD and DSD rules.
• Supporting set-owner-role programs.
• Changes to reference monitor.

Next milestone
• Set up all kernel data-structures required for supporting RBAC-capability.
• Implement all role operations.
  ◦ Should have a facility to print out all role / capabilities for the process.
  ◦ Should be able to show the correctness of all role operations.

Thank you
