Implementing the Principle of Least Privilege Using Linux Capabilities: Challenges and Perspectives - Service IntEgration and netwoRk Administration
Conference Papers Year : 2023

Implementing the Principle of Least Privilege Using Linux Capabilities: Challenges and Perspectives

Abstract

Historically and by default, Linux does not respect the principle of least privilege because it grants all the privileges to administrators to execute their tasks. With the new personal data protection or export control regulations, the principle of least privilege is mandatory and must be applied even for system administrators. The Linux operating system since version 2.2 divides the privileges associated with the superuser into distinct units called capabilities. Linux capabilities allow coarse-grained access control to restricted system features. The “RootAsRole” project is introduced as a solution for delegating administrative tasks while matching the necessary capabilities. However, limitations in user experience and the mapping of Linux capabilities pose significant obstacles. This paper proposes enhancements to achieving a balance between usability and the principle of least privilege, emphasizing the need for precise capability definitions. Future work involves enhancing the RootAsRole access control model and addressing the need for a comprehensive administration access control framework for managing Linux capabilities effectively.
Fichier principal
Vignette du fichier
Use_Linux_Capabilities_Paper.pdf (208.96 Ko) Télécharger le fichier
Origin Files produced by the author(s)
licence

Dates and versions

hal-04278090 , version 1 (28-05-2024)

Licence

Identifiers

Cite

Eddie Billoir, Romain Laborde, Ahmad Samer Wazan, Yves Rütschlé, Abdelmalek Benzekri. Implementing the Principle of Least Privilege Using Linux Capabilities: Challenges and Perspectives. 7th Cyber Security in Networking Conference (CSNet 2023), IEEE Communications Society, Oct 2023, Montréal, Canada. pp.130--136, ⟨10.1109/CSNet59123.2023.10339753⟩. ⟨hal-04278090⟩
199 View
120 Download

Altmetric

Share

More