Document Type

Article

Source of Publication

Computers & Security

Publication Date

10-1-2022

Abstract

Today, Linux users use sudo/su commands to attribute Linux’s administrative privileges to their programs. These commands always give the whole list of administrative privileges to Linux programs, unless there are pre-installed default policies defined by Linux Security Modules(LSM). LSM modules require users to inject the needed privileges into the memory of the process and to declare the needed privileges in an LSM policy. This approach can work for users who have good knowledge of the syntax of LSM modules’ policies. Adding or editing an existing policy is a very time-consuming process because LSM modules require adding a complete list of traditional permissions as well as administrative privileges. We propose a new Linux module called RootAsRole that is dedicated to the management of administrative privileges. RootAsRole is not proposed to replace LSM modules but to be used as a complementary module to manage Linux administrative privileges. RootAsRole allows Linux administrators to define a set of roles that contain the administrative privileges and restrict their usage to a set of users/groups and programs. Finally, we conduct an empirical performance study to compare RootAsRole tools with sudo/su commands to show that the overhead added by our module remains acceptable.

ISSN

0167-4048

Publisher

Elsevier BV

First Page

102983

Last Page

102983

Disciplines

Computer Sciences

Keywords

Administrative privileges, su commands, Linux Security Modules (LSM)

Indexed in Scopus

no

Open Access

yes

Open Access Type

Hybrid: This publication is openly available in a subscription-based journal/series

Download

Share

COinS