Implementing the Principle of Least Privilege Using Linux Capabilities: Challenges and Perspectives
Document Type
Conference Proceeding
Source of Publication
2023 7th Cyber Security in Networking Conference (CSNet)
Publication Date
10-18-2023
Abstract
Historically and by default, Linux does not respect the principle of least privilege because it grants all the privileges to administrators to execute their tasks. With the new personal data protection or export control regulations, the principle of least privilege is mandatory and must be applied even for system administrators. The Linux operating system since version 2.2 divides the privileges associated with the superuser into distinct units called capabilities. Linux capabilities allow coarse-grained access control to restricted system features. The “RootAsRole” project is introduced as a solution for delegating administrative tasks while matching the necessary capabilities. However, limitations in user experience and the mapping of Linux capabilities pose significant obstacles. This paper proposes enhancements to achieve a balance between usability and the principle of least privilege, emphasizing the need for precise capability definitions. Future work involves enhancing the RootAsRole access control model and addressing the need for a comprehensive administration access control framework for managing Linux capabilities effectively.
ISBN
979-8-3503-4287-1
Publisher
IEEE
Volume
00
First Page
130
Last Page
136
Disciplines
Computer Sciences
Keywords
Access control, Linux, Process control, Manuals, Documentation, User experience, Regulation
Recommended Citation
Billoir, Eddie; Laborde, Romain; Wazan, Ahmad Samer; Rütschlé, Yves; and Benzekri, Abdelmalek, "Implementing the Principle of Least Privilege Using Linux Capabilities: Challenges and Perspectives" (2023). All Works. 6261.
https://zuscholars.zu.ac.ae/works/6261
Indexed in Scopus
no
Open Access
no