Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
CCS
2010
ACM
2010
ACM
A control point for reducing root abuse of file-system privileges
We address the problem of restricting root’s ability to change arbitrary files on disk, in order to prevent abuse on most current desktop operating systems. The approach first involves recognizing and separating out the ability to configure a system from the ability to use the system to perform tasks. The permission to modify configuration of the system is then further subdivided in order to restrict applications from modifying the file-system objects of other applications. We explore the division of root’s current ability to change arbitrary files on disk and discuss a prototype that proves out the viability of the approach for designated system-wide file-system objects. Our architecture exposes a control point available for use to enforce policies that prevent one application from modifying another’s file-system objects. In addition, we review in detail the permissions given to current installers, and alternative approaches for secure software installation. Categories ...
Real-time Traffic| Added | 13 Jan 2011 |
| Updated | 13 Jan 2011 |
| Type | Journal |
| Year | 2010 |
| Where | CCS |
| Authors | Glenn Wurster, Paul C. van Oorschot |
Comments (0)
Researcher Info
|
