DS2OS - Deliverable B: Operating System Technologies
Giovanni Schmid
2010
Abstract
The Distributed Security-Oriented Operating Systems (DS2OS) Project aims to integrate Dynamic Delegation facilities into open-source operating system technologies, in order to obtain the building blocks of fully scalable and interoperable distributed environments. Dynamic Delegation (DD) is an access control facility which allows users or applications on a given host to grant specific authorizations to remote principals over resources they own as a result of their accounting profiles on that host. Thus, DD represents a fully distributed, authorization-based access control that, as argued in Deliverable A, could constitute the basis for next generation collaborative environments. As we extensively explained and justified in Deliverable A, one main concern of the DS2OS Project is to enforce DD directly at the operating system level, instead of implementing it as middleware, as is done for direct delegation [4]. That is also because DD is intended as the application of the direct delegation approach not only to (human) users, but to applications and processes, too. In this Deliverable, we focus on the operating system technologies underlying our implementation. One main requirement of DD would be its portability to the main OS platforms; however, that is practically unattainable today, because of the absence of standards - or at least some convergence - on frameworks and APIs concerning OS access control technologies. Section 2 gives some general information on the open source operating system we chose as development platform, illustrating the main factors which motivated our choice. Another main requirement for DD would be its "neutrality" w.r.t. system services and applications; that is, DD should be neither application specific nor depend on any specific system service.
Although our design is general enough to encompass that neutrality, the implementation efforts in the DS2OS project have been focused on implementing DD for system entry services (specifically, the Secure Shell service) due to resource and time limits. In Section 3 we review the general framework for Unix-like entry services to point out the main ingredients which are of relevance for DD. Unix-like entry services rely upon the Pluggable Authentication Modules (PAM) framework [17], so our implementation heavily concerns PAM extensions in order to accommodate the functionalities of DD in terms of authentication and authorization, as described in Deliverable D. Section 5 introduces PAM related technologies, and Appendix 5.1 constitutes a PAM library reference. A core aspect of the implementation of DD at the OS level relates to the enforcement of an appropriate security context for principals having the guest and sponsor profiles. Thus, a substantial part of this Deliverable is Section 4, which illustrates the file system and process protection mechanisms upon which we built our design.