DocumentCode :
3191349
Title :
Protecting resources with resource control lists
Author :
Miyoshi, Akihiko ; Rajkumar, Ragunathan
Author_Institution :
Dept. of Electr. & Comput. Eng., Carnegie Mellon Univ., Pittsburgh, PA, USA
fYear :
2001
fDate :
2001
Firstpage :
85
Lastpage :
94
Abstract :
Resource management has become an important issue for computer systems as QoS-sensitive multimedia applications and hostile acts such as denial of service (DoS) attacks become widespread. Since applications access the processor, network and other subsystems, attacks on any of these subsystems can lead to undesirable behavior. To maintain system integrity even under such attacks, an unprivileged application must not be allowed to intentionally or unintentionally affect the progress of others. The authors present a first-class abstraction called Resource Control Lists (RCLs) to specify and enforce protection policies on time multiplexed resources, similar to access control on files. RCLs put access control on time multiplexed resources such as CPU time and network and disk bandwidth. RCLs are practical, flexible and provide several benefits. Protection policies specified by RCLs can be under administrator control, customized to a site, and can be dynamically adapted. We have built support for RCLs into Linux/RK, a real-time version of Linux that provides resource reservations where applications receive a promised amount of resources by making reservations. Quantitative measurements with limited forms of DoS attacks show that our new features provide flexible functionality while imposing acceptable overhead without modifying the applications. We also demonstrate that resources are protected even in the face of malicious activities. Finally, we show how RCLs can be used to deliver resource protection on multiple Web server configurations including the hosting of multiple logical sites by an ISP and preferential treatment of buyers on e-commerce sites
Keywords :
Unix; authorisation; computer networks; data integrity; real-time systems; resource allocation; time division multiplexing; CPU time; DoS attacks; ISP; Linux/RK; QoS-sensitive multimedia applications; RCLs; access control; administrator control; computer systems; denial of service attacks; disk bandwidth; e-commerce sites; first-class abstraction; hostile acts; malicious activities; multiple Web server configurations; multiple logical sites; preferential treatment; protection policies; quantitative measurements; real-time version; resource control lists; resource management; resource protection; resource reservations; system integrity; time multiplexed resources; unprivileged application; Application software; Computer crime; Laboratories; Linux; Multimedia systems; Operating systems; Protection; Real time systems; Resource management; Security;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Real-Time Technology and Applications Symposium, 2001. Proceedings. Seventh IEEE
Conference_Location :
Taipei
ISSN :
1080-1812
Print_ISBN :
0-7695-1134-1
Type :
conf
DOI :
10.1109/RTTAS.2001.929868
Filename :
929868
Link To Document :
بازگشت