LRBAC: Flexible function-level hierarchical role based access control for Linux

We present a flexible hierarchical role based access control model based on simple and existing technologies that enables efficient function-level access control, prototyped in a system called LRBAC¹, a Linux kernel module enforcing access control over program execution. The hierarchical design allows for easy maintenance of roles and access rights in an organization, effectively thwarting access control vulnerabilities when configured using adequate policies. Though the prototype incurs significant overhead on background and small applications in current flexible deployment model, it incurs only 3.26% overhead on user interactions with the system (i.e interactive applications) and 14.4% overhead on Apache web server.