![]() If the root account, or a process that runs with its privileges, is compromised, an attacker can take control of the system and its data.Ī more secure approach would limit or even eliminate the need for a root account, and shift the power from the user accounts to the owner of the system. This super-user has the power to control all files and processes. However, the biggest concern with the Linux model is the danger presented by the root account. The owner of the system does not have total control over the system the users do. In this model, users control the data at their discretion. If a user owns a file, he is allowed to set the read, write, and execute permissions for that file. The security model used by most mainstream operating systems is based on Discretionary Access Control (DAC), which enforces security by ownership. All of these projects are open-source and licensed under the GPL. The Rule Set Based Access Control (RSBAC) project, the Linux Intrusion Detection System (LIDS), and grsecurity are other popular projects with the same goal. The most well-known of these projects is Security Enhanced Linux (SELinux), which was developed by the U.S. ![]() Fortunately, there are a few projects aiming to solve this problem by providing a more robust security model for Linux by adding Mandatory Access Control (MAC) to the kernel. Please type any word or choose alphabet below.Some in the security industry say that Linux is inherently insecure, that the way Linux enforces security decsions is fundamentally flawed, and the only way to change this is to redesign the kernel. ![]() A database management system, in its access control mechanism, can also apply mandatory access control, in this case, the objects are tables, views, procedures, etc. Any operation by any subject on any object will be tested against the set of authorization rules (aka policy) to determine if the operation is allowed. ![]() Whenever a subject attempts to access an object, an authorization rule enforced by the operating system kernel examines these security attributes and decides whether the access can take place. Subjects and objects each have a set of security attributes. In practice, a subject is usually a process or thread, objects are constructs such as files, directories, TCP/UDP ports, shared memory segments, IO devices etc. In computer security, mandatory access control (MAC) refers to a type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target. ![]() Definition of Mandatory Access Control -> In computer security, mandatory access control (MAC) refers to a type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |