loading
Documents

Research.Publish.Connect.

Paper

Authors: Kirill Belyaev and Indrakshi Ray

Affiliation: Colorado State University, United States

ISBN: 978-989-758-196-0

Keyword(s): Access Control, Service and Systems Design, Inter-application Communication.

Related Ontology Subjects/Areas/Topics: Access Control ; Cloud Computing ; Data Engineering ; Databases and Data Security ; Information and Systems Security ; Internet Technology ; Security in Information Systems ; Security Information Systems Architecture and Design and Security Patterns ; Service and Systems Design and Qos Network Security ; Services Science ; Web Information Systems and Technologies

Abstract: With the advancements in contemporary multi-core CPU architectures, it is now possible for a server operating system (OS), such as Linux, to handle a large number of concurrent application services on a single server instance. Individual application components of such services may run in different isolated runtime environments, such as chrooted jails or application containers, and may need access to system resources and the ability to collaborate and coordinate with each other in a regulated and secure manner. We propose an access control framework for policy formulation, management, and enforcement that allows access to OS resources and also permits controlled collaboration and coordination for service components running in disjoint containerized environments under a single Linux OS server instance. The framework consists of two models and the policy formulation is based on the concept of policy classes for ease of administration and enforcement. The policy classes are managed and en forced through a Linux Policy Machine (LPM) that acts as the centralized reference monitor and provides a uniform interface for accessing system resources and requesting application data and control objects. We present the details of our framework and also discuss the preliminary implementation to demonstrate the feasibility of our approach. (More)

PDF ImageFull Text

Download
Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 54.196.42.146

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Belyaev K. and Ray I. (2016). Towards Access Control for Isolated Applications.In Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016) ISBN 978-989-758-196-0, pages 171-182. DOI: 10.5220/0005970001710182

@conference{secrypt16,
author={Kirill Belyaev and Indrakshi Ray},
title={Towards Access Control for Isolated Applications},
booktitle={Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016)},
year={2016},
pages={171-182},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005970001710182},
isbn={978-989-758-196-0},
}

TY - CONF

JO - Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016)
TI - Towards Access Control for Isolated Applications
SN - 978-989-758-196-0
AU - Belyaev K.
AU - Ray I.
PY - 2016
SP - 171
EP - 182
DO - 10.5220/0005970001710182

Login or register to post comments.

Comments on this Paper: Be the first to review this paper.