DocumentCode :
3234926
Title :
Flexible access control using IPC redirection
Author :
Jaeger, Trent ; Elphinstone, Kevin ; Liedtke, Jochen ; Panteleenko, Vsevolod ; Park, Yoonho
Author_Institution :
IBM Thomas J. Watson Res. Center, Yorktown Heights, NY, USA
fYear :
1999
fDate :
1999
Firstpage :
191
Lastpage :
196
Abstract :
We present a mechanism for inter-process communication (IPC) redirection that enables efficient and flexible access control for micro-kernel systems. In such systems, services are implemented at user level, so IPC is the only means of communication between them. Thus, the system must be able to mediate IPCs to enforce its access control policy. Such mediation must enable enforcement of security policy with as little performance overhead as possible, but current mechanisms either: (1) place significant access control functionality in the kernel, which increases IPC cost or (2) are static and require more IPCs than necessary to enforce access control. We define an IPC redirection mechanism that makes two improvements: (1) it removes the management of redirection policy from the kernel, so access control enforcement can be implemented outside the kernel; and (2) it separates the notion of who controls the redirection policy from the redirections themselves, so redirections can be configured arbitrarily and dynamically. We define our redirection mechanism, demonstrate its use, and examine possible efficient implementations.
Keywords :
authorisation; message passing; operating system kernels; IPC; IPC cost; IPC redirection; access control enforcement; access control functionality; access control policy; flexible access control; inter-process communication; micro-kernel systems; performance overhead; redirection mechanism; redirection policy; security policy; Access control; Authorization; Communication system security; Control systems; Costs; Electrical capacitance tomography; Kernel; Microwave integrated circuits; Operating systems; Read only memory;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Hot Topics in Operating Systems, 1999. Proceedings of the Seventh Workshop on
Conference_Location :
Rio Rico, AZ
Print_ISBN :
0-7695-0237-7
Type :
conf
DOI :
10.1109/HOTOS.1999.798399
Filename :
798399