User-Space Authorization of Creat System Call in Linux
Rohith Krishnan1, Hari Narayanan2
1Rohith Krishnan, Center for Cyber Security Systems and Networks, Amritapuri Campus, Amrita Vishwa Vidyapeetham, Kollam (Kerala), India.
2Hari Narayanan, Center for Cyber Security Systems and Networks, Amritapuri Campus, Amrita Vishwa Vidyapeetham, Kollam (Kerala), India.
Manuscript received on 22 April 2019 | Revised Manuscript received on 01 May 2019 | Manuscript Published on 08 May 2019 | PP: 60-64 | Volume-7 Issue-5S3 February 2019 | Retrieval Number: E11110275S19/19©BEIESP
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: Authorization has been a hot topic for several decades, ever since people started using information technology, and it continues to be one. All operating systems have some way of authorizing user processes. Linux uses identity-based authorization by default, which is not fine-grained. The architecture discussed in this paper provides an additional layer of authorization using security tickets, over and above the userid- and groupid-based authorization. A Secure Daemon running in user space is responsible for this second level of authorization. The architecture is designed so that all critical system call invocations, such as creat, are routed to the Secure Daemon, which verifies the attached security ticket for authorization. This routing of the creat system call invocation is achieved by a wrapper function for the C library function creat. This architecture ensures the Principle of Least Privilege, which is essential to prevent attacks from malicious programs. The processes are executed in a sandboxed environment to protect the system from potential attacks. Since the Secure Daemon runs in user space, it is also portable across different Linux platforms.
Keywords: Authorization, Principle of Least Privilege, Sandbox, System Calls, Secure Daemon, Wrapper Functions, Security Tickets.
Scope of the Article: Smart Spaces
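
The routing the abstract describes, as an added example that is not the paper's code: a wrapper around creat asks a stand-in Secure Daemon over a Unix socket to verify a ticket, and calls the real creat only on approval. The ticket table, the request layout, the path-prefix rule and the names `ticketed_creat`, `start_daemon` and `daemon_loop` are assumptions; the paper's actual ticket format and protocol are not on this page.

```c
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed request layout and ticket table (constructed sample, not from the paper). */
struct request { unsigned ticket; char path[120]; };
static const struct { unsigned ticket; const char *prefix; } issued[] = {
    { 0x1001u, "/tmp/sandbox-a/" },
};

/* Stand-in Secure Daemon: reply 1 only if the ticket was issued and covers the path. */
static void daemon_loop(int sock) {
    struct request r;
    while (read(sock, &r, sizeof r) == (ssize_t)sizeof r) {
        char ok = 0;
        r.path[sizeof r.path - 1] = '\0';          /* never trust client termination */
        for (size_t i = 0; i < sizeof issued / sizeof issued[0]; i++)
            ok |= issued[i].ticket == r.ticket && !strstr(r.path, "/../") &&
                  !strncmp(r.path, issued[i].prefix, strlen(issued[i].prefix));
        if (write(sock, &ok, 1) != 1) break;
    }
    _exit(0);
}

/* Wrapper for creat(): consult the daemon first, call the real creat() only on approval. */
int ticketed_creat(int sock, unsigned ticket, const char *path, mode_t mode) {
    struct request r = { ticket, {0} };
    char ok = 0;
    if (strlen(path) >= sizeof r.path) { errno = ENAMETOOLONG; return -1; }
    strcpy(r.path, path);
    if (write(sock, &r, sizeof r) != (ssize_t)sizeof r ||
        read(sock, &ok, 1) != 1 || !ok) {
        errno = EACCES;                            /* fail closed on denial or daemon error */
        return -1;
    }
    return creat(path, mode);
}

/* Fork the stand-in daemon; return the client end of the socket pair, or -1. */
int start_daemon(void) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    pid_t pid = fork();
    if (pid == 0) { close(sv[0]); daemon_loop(sv[1]); }
    close(sv[1]);
    return pid < 0 ? -1 : sv[0];
}
```

The prefix check in this example is lexical only and does not resolve symbolic links.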