Implementing the Principle of Least Administrative Privilege on Operating Systems: Challenges and Perspectives - Service IntEgration and netwoRk Administration
Article Dans Une Revue Annals of Telecommunications - annales des télécommunications Année : 2024

Implementing the Principle of Least Administrative Privilege on Operating Systems: Challenges and Perspectives

Résumé

With the new personal data protection or export control regulations, the Principle of Least Privilege is mandatory and must be applied even for system administrators. This article explores the different approaches implemented by the main operating systems (namely Linux, Windows, FreeBSD and Solaris) to control the privileges of system administrators in order to enforce the Principle of Least Privilege. We define a set of requirements to manage these privileges properly, striving to balance adherence to the Principle of Least Privilege and usability. We also present a deep analysis of each administrative privilege system based on these requirements and exhibit their benefits and limitations. This evaluation also covers the efficiency of the currently available solutions to assess the difficulty of performing administrative privileges management tasks. Following the results, the article presents the RootAsRole project, which aims to simplify Linux privilege management. We describe the new features introduced by the project and the difficulties we faced. This concrete experience allows us to highlight research challenges.
Fichier principal
Vignette du fichier
Use_Linux_Capabilities_Journal (14).pdf (2 Mo) Télécharger le fichier
Origine Fichiers produits par l'(les) auteur(s)

Dates et versions

hal-04828751 , version 1 (11-12-2024)

Identifiants

Citer

Eddie Billoir, Romain Laborde, Ahmad Samer Wazan, Yves Rütschlé, Abdelmalek Benzekri. Implementing the Principle of Least Administrative Privilege on Operating Systems: Challenges and Perspectives. Annals of Telecommunications - annales des télécommunications, 2024, 79 (11-12), pp.857-880. ⟨10.1007/s12243-024-01033-5⟩. ⟨hal-04828751⟩
0 Consultations
0 Téléchargements

Altmetric

Partager

More