• Corpus ID: 19024064

Linux capabilities: making them work

@inproceedings{Hallyn2008LinuxCM,
  title={Linux capabilities: making them work},
  author={Serge E. Hallyn and Andrew G. Morgan},
  year={2008}
}
Linux capabilities have been partially implemented for many years, and in their incomplete state have been nearly unusable. In light of recent kernel developments, including VFS support and per-process support for bounding-set and secure-bits, capabilities have finally come of age. In this paper we demonstrate, with examples, how capabilities enhance the security of the modern Linux system. 
PrivAnalyzer: Measuring the Efficacy of Linux Privilege Use
TLDR
This paper uses PrivAnalyzer to determine how long five privileged open source programs retain the ability to cause serious damage to a system and finds that simple refactoring can considerably increase the efficacy of Linux privileges.
BigMAC: Fine-Grained Policy Analysis of Android Firmware
TLDR
A framework called BIGMAC is created that combines and instantiates all layers of the policy together in a fine grained graph supporting millions of edges, and develops attack queries to discover sets of objects that can be influenced by untrusted applications and external peripherals.
Algorithm 3 Global Live Privilege Analysis Algorithm
To help programmers write programs that follow Saltzer and Schroeder’s Principle of Least Privilege, modern operating systems divide the power of the administrative user into separate privileges
Transforming Code to Drop Dead Privileges
TLDR
A compiler, named AutoPriv, that helps programmers use privileges more easily by using whole-program analysis during link-time optimization to determine where programs use privileges; it then transforms programs to remove unnecessary privileges during their execution.
The state of the art of application restrictions and sandboxes: A survey of application-oriented access controls and their shortfalls
TLDR
The motivation for application restrictions and sandboxes is described, an in-depth review of the literature covering existing systems is presented, and it is recommended that usability and abstraction be considered to a greater extent when designing application-oriented access controls.
SPEAKER: Split-Phase Execution of Application Containers
TLDR
A container security mechanism called SPEAKER is proposed that can dramatically reduce the number of available system calls to a given application container by customizing and differentiating its necessary system calls at two different execution phases, namely, booting phase and running phase.
Component-oriented access control - Application servers meet tuple spaces for the masses
TLDR
An access control framework for policy formulation, management, and enforcement is implemented that allows access to OS resources and also permits controlled collaboration and coordination for service components running in disjoint containerized environments under a single Linux OS server instance.
A control point for reducing root abuse of file-system privileges
TLDR
This work addresses the problem of restricting root's ability to change arbitrary files on disk, and discusses a prototype that proves out the viability of the approach for designated system-wide file-system objects.
Towards Access Control for Isolated Applications
TLDR
An access control framework for policy formulation, management, and enforcement that allows access to OS resources and also permits controlled collaboration and coordination for service components running in disjoint containerized environments under a single Linux OS server instance is proposed.
A Measurement Study on Linux Container Security: Attacks and Countermeasures
TLDR
This paper collects an attack dataset including 223 exploits that are effective on the container platform, and classify them into different categories using a two-dimensional attack taxonomy and proposes a defense mechanism to effectively defeat those identified privilege escalation attacks.