{"title":"在面向acl的操作系统中支持基于任意角色的访问控制","authors":"C. Friberg, A. Held","doi":"10.1145/266741.266763","DOIUrl":null,"url":null,"abstract":"‘Ilie iml~lemrlil.at,ioli of discr&ionary role-lmscd it<‘cess cY)ntrol nic~c&anisnis in standard operat,ing syst)ems like [inix suffers from t#he inahilit,y of t,hta systclii t,o allow a user t,o r&rict, his processes’ cont,rol over his own ohjtct~s. Hy cxploit,ing t,he user’s a~t‘ss right,s tro,jan horses, possibly hidden in down1oadetl (~x(~cutabI(~ corit,enl,, (‘an u~itlcrrriine t tic access c-0111.rol policy l,o perform t.heir malicious t,asks. This paper present,s an approach t.o restrict the rights of procPssr,s l)y switching bct,wccn hicrarcliically organized user drfiued subdomains with simple system calls. ‘JI~~w doniains can be used t,o implenient certain disc,rr,t iona.ry role based access control policies.","PeriodicalId":355233,"journal":{"name":"ACM Workshop on Role-Based Access Control","volume":"52 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1997-11-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":"{\"title\":\"Support for discretionary role based access control in ACL-oriented operating systems\",\"authors\":\"C. Friberg, A. Held\",\"doi\":\"10.1145/266741.266763\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"‘Ilie iml~lemrlil.at,ioli of discr&ionary role-lmscd it<‘cess cY)ntrol nic~c&anisnis in standard operat,ing syst)ems like [inix suffers from t#he inahilit,y of t,hta systclii t,o allow a user t,o r&rict, his processes’ cont,rol over his own ohjtct~s. Hy cxploit,ing t,he user’s a~t‘ss right,s tro,jan horses, possibly hidden in down1oadetl (~x(~cutabI(~ corit,enl,, (‘an u~itlcrrriine t tic access c-0111.rol policy l,o perform t.heir malicious t,asks. This paper present,s an approach t.o restrict the rights of procPssr,s l)y switching bct,wccn hicrarcliically organized user drfiued subdomains with simple system calls. ‘JI~~w doniains can be used t,o implenient certain disc,rr,t iona.ry role based access control policies.\",\"PeriodicalId\":355233,\"journal\":{\"name\":\"ACM Workshop on Role-Based Access Control\",\"volume\":\"52 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1997-11-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"13\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"ACM Workshop on Role-Based Access Control\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/266741.266763\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Workshop on Role-Based Access Control","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/266741.266763","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 13
摘要
”式iml ~ lemrlil。在标准的操作系统(如unix)中,违反了区别性的角色管理(即“访问权限”和“控制权限”),因为系统不允许用户控制自己的进程,也不允许用户控制自己的进程。Hy cxploit,荷兰国际集团(ing) t,他用户~ t的对吧,有望,扬马,可能隐藏在down1oadetl (x ~ (~ cutabI (~ corit, enl,,(“一个u ~ itlcrrriine t抽搐访问c - 0111。罗尔政策1要求执行他们的恶意操作。本文提出了一种用简单的系统调用对用户生成的子域进行随机组织的方法,即通过切换对象来限制用户生成子域的权限。可以使用“霁~ ~ w doniains t o implenient某些盘,rr, t爱奥那岛。基于角色的访问控制策略。
Support for discretionary role based access control in ACL-oriented operating systems
‘Ilie iml~lemrlil.at,ioli of discr&ionary role-lmscd it<‘cess cY)ntrol nic~c&anisnis in standard operat,ing syst)ems like [inix suffers from t#he inahilit,y of t,hta systclii t,o allow a user t,o r&rict, his processes’ cont,rol over his own ohjtct~s. Hy cxploit,ing t,he user’s a~t‘ss right,s tro,jan horses, possibly hidden in down1oadetl (~x(~cutabI(~ corit,enl,, (‘an u~itlcrrriine t tic access c-0111.rol policy l,o perform t.heir malicious t,asks. This paper present,s an approach t.o restrict the rights of procPssr,s l)y switching bct,wccn hicrarcliically organized user drfiued subdomains with simple system calls. ‘JI~~w doniains can be used t,o implenient certain disc,rr,t iona.ry role based access control policies.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
