Abstract

Abstract:

In this paper we fully design and implement the capability mechanism conforming to the draft specification Posix1003. 1e on the role-based authorizati on framework of the Kylin operating system. And also we introduce the conception of role capability and user capability. By the design we can practise t he least privilege efficiently in the system, such as privilege partitioning, controlling setuid and setgid programs as well as restricting daemon progr ams. Thus in the system there are no superusers any more, and their functions are divided into several administrators; each process only has the privile ge required to finish its tasks, which can prevent the abuse of orivileges and increase system security greatly.

Key words: role based authorization framework, privilege, capability, capability state, least privilege

[1]	YANG Jing, XU Yan, JIANG Ying. A Spiking Neurons noise-resistant learning algorithm with high and low thresholds [J]. Computer Engineering & Science, 2023, 45(08): 1483-1489.
[2]	GUO Jing-zhi , LIU Wei, XU Long-long, CHEN Deng. An adaptive graph planning protocol generation algorithm based on agent capability commitment collaboration [J]. Computer Engineering & Science, 2020, 42(07): 1208-1214.
[3]	WANG Lei,ZHEN Ziqi,WO Tianyu,JIANG Bo,SUN Hailong,LONG Xiang. Quantitative analysis of the teaching effect of operating system courses based on learning behavior data [J]. Computer Engineering & Science, 2018, 40(增刊S1): 63-71.
[4]	CHEN Yingwen1，ZHONG Ping2，PANG Deming1. Capability-oriented education for the Internet of Things engineering majors [J]. Computer Engineering & Science, 2018, 40(增刊S1): 124-127.
[5]	ZHAN Xuzheng. An improved adaptive random testing method in high dimensional input domains [J]. Computer Engineering & Science, 2018, 40(11): 1936-1943.
[6]	JIANG Wei-cheng,LI Lan-ying,GUO Jun,XU Cao-cao. A cloud scheduling strategy for long jobs [J]. Computer Engineering & Science, 2017, 39(08): 1431-1437.
[7]	TANG Li，HE Li. A data quality assessment method of Web articles based on PAC-Bayes theory [J]. Computer Engineering & Science, 2017, 39(03): 572-579.
[8]	WANG Yonghong，WANG Zhenyu，SI Binbin，LIU Yong，CAO Lujia. A training mode for developing students’ practical engineering ability based on actual army demands [J]. Computer Engineering & Science, 2016, 38(增刊): 313-316.
[9]	ZUO Yudan,DING Yan,WEI Lifeng. Kernel privilege escalation attacks on Linux [J]. Computer Engineering & Science, 2016, 38(11): 2234-2239.
[10]	LIU Hao1，ZHANG Lianming2，HE Wenhua1. A topology optimization algorithm based on reciprocal capability in P2P networks [J]. J4, 2016, 38(06): 1091-1096.
[11]	WEI Lifeng,DING Yan,CHEN Songzheng,HUANG Chenlin. A method for protecting user data files based on private directory container [J]. J4, 2016, 38(03): 460-464.
[12]	JIANG Feng，TANG Wei，LAI Jun. Exploration of teaching reform on objectoriented programming course based on capability [J]. J4, 2014, 36(A1): 126-130.
[13]	BAI Xiaolong. A system for automatically tailoring Android applications’permissions [J]. J4, 2014, 36(11): 2074-2086.
[14]	XIONG Fang1,3,HUANG Hongbin2,HUANG Yucheng1,3,HU Jianzhong3. A resource matching method based on capabilities model with QoS [J]. J4, 2014, 36(10): 1911-1918.
[15]	SUN Zhonghao,ZHOU Xingshe,ZHANG Kailong. A token-ring-like real-time response algorithm of Modbus/TCP message based on μC/OS-II [J]. J4, 2014, 36(09): 1662-1667.

PDF

Knowledge

Abstract

Cite this article

share this article

Related Articles 15

Recommended Articles

Metrics

Comments