Conference papers

RootAsRole: Towards a Secure Alternative to sudo/su Commands for Home Users and SME Administrators

Abstract : The typical way to run an administrative task on Linux is to execute it in the context of a super user. This breaks the principle of least privilege in access control. Other solutions, such as SELinux and AppArmor, are available but complex to use. In this paper, a new Linux module, named RootAsRole, is proposed to give users fine-grained control over the privileges they grant to Linux commands as capabilities. It adopts role-based access control (RBAC) [14], in which administrators can define a set of roles and the capabilities that are assigned to them. Administrators can then define the rules controlling what roles users or groups can assign to themselves. Each time a Linux user wants to execute a program that requires one or more capabilities, (s)he should assign him/herself the role that contains the needed capabilities, provided there is a rule that allows it. A pilot implementation on Linux systems is illustrated in detail.

https://hal.archives-ouvertes.fr/hal-03345757
Contributor : Romain Laborde
Submitted on : Wednesday, September 15, 2021 - 6:29:45 PM
Last modification on : Tuesday, October 19, 2021 - 2:23:31 PM

Citation

Ahmad Samer Wazan, David Chadwick, Remi Venant, Romain Laborde, Abdelmalek Benzekri. RootAsRole: Towards a Secure Alternative to sudo/su Commands for Home Users and SME Administrators. 36th International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2021), Jun 2021, Oslo, Norway. pp.196-209, ⟨10.1007/978-3-030-78120-0_13⟩. ⟨hal-03345757⟩
