Implementing the principle of least administrative privilege on operating systems: challenges and perspectives

Document Type

Article

Source of Publication

Annales des Telecommunications/Annals of Telecommunications

Publication Date

1-1-2024

Abstract

With the new personal data protection or export control regulations, the principle of least privilege is mandatory and must be applied even for system administrators. This article explores the different approaches implemented by the main operating systems (namely Linux, Windows, FreeBSD, and Solaris) to control the privileges of system administrators in order to enforce the principle of least privilege. We define a set of requirements to manage these privileges properly, striving to balance adherence to the principle of least privilege and usability. We also present a deep analysis of each administrative privilege system based on these requirements and exhibit their benefits and limitations. This evaluation also covers the efficiency of the currently available solutions to assess the difficulty of performing administrative privileges management tasks. Following the results, the article presents the RootAsRole project, which aims to simplify Linux privilege management. We describe the new features introduced by the project and the difficulties we faced. This concrete experience allows us to highlight research challenges.

ISSN

0003-4347

Publisher

Springer Science and Business Media LLC

Disciplines

Computer Sciences

Keywords

Access control, Administrative privileges, FreeBSD, Linux, Operating system, Principle of least privilege, Solaris, Windows

Scopus ID

85193076239

Indexed in Scopus

yes

Open Access

no
