Implementing the principle of least administrative privilege on operating systems: challenges and perspectives

IF 1.8 4区 计算机科学 Q3 TELECOMMUNICATIONS Annals of Telecommunications Pub Date : 2024-05-16 DOI:10.1007/s12243-024-01033-5
Eddie Billoir, Romain Laborde, Ahmad Samer Wazan, Yves Rütschlé, Abdelmalek Benzekri
{"title":"Implementing the principle of least administrative privilege on operating systems: challenges and perspectives","authors":"Eddie Billoir,&nbsp;Romain Laborde,&nbsp;Ahmad Samer Wazan,&nbsp;Yves Rütschlé,&nbsp;Abdelmalek Benzekri","doi":"10.1007/s12243-024-01033-5","DOIUrl":null,"url":null,"abstract":"<div><p>With the new personal data protection or export control regulations, the principle of least privilege is mandatory and must be applied even for system administrators. This article explores the different approaches implemented by the main operating systems (namely Linux, Windows, FreeBSD, and Solaris) to control the privileges of system administrators in order to enforce the principle of least privilege. We define a set of requirements to manage these privileges properly, striving to balance adherence to the principle of least privilege and usability. We also present a deep analysis of each administrative privilege system based on these requirements and exhibit their benefits and limitations. This evaluation also covers the efficiency of the currently available solutions to assess the difficulty of performing administrative privileges management tasks. Following the results, the article presents the RootAsRole project, which aims to simplify Linux privilege management. We describe the new features introduced by the project and the difficulties we faced. This concrete experience allows us to highlight research challenges.</p></div>","PeriodicalId":50761,"journal":{"name":"Annals of Telecommunications","volume":"79 11-12","pages":"857 - 880"},"PeriodicalIF":1.8000,"publicationDate":"2024-05-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Annals of Telecommunications","FirstCategoryId":"94","ListUrlMain":"https://link.springer.com/article/10.1007/s12243-024-01033-5","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"TELECOMMUNICATIONS","Score":null,"Total":0}
引用次数: 0

Abstract

With the new personal data protection or export control regulations, the principle of least privilege is mandatory and must be applied even for system administrators. This article explores the different approaches implemented by the main operating systems (namely Linux, Windows, FreeBSD, and Solaris) to control the privileges of system administrators in order to enforce the principle of least privilege. We define a set of requirements to manage these privileges properly, striving to balance adherence to the principle of least privilege and usability. We also present a deep analysis of each administrative privilege system based on these requirements and exhibit their benefits and limitations. This evaluation also covers the efficiency of the currently available solutions to assess the difficulty of performing administrative privileges management tasks. Following the results, the article presents the RootAsRole project, which aims to simplify Linux privilege management. We describe the new features introduced by the project and the difficulties we faced. This concrete experience allows us to highlight research challenges.

Abstract Image

Abstract Image

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
在操作系统中执行最小管理权限原则:挑战与展望
随着新的个人信息保护或出口管制条例的出台,最小特权原则是强制性的,即使是系统管理员也必须适用。本文探讨了主要操作系统(即Linux、Windows、FreeBSD和Solaris)为控制系统管理员的特权而实现的不同方法,以便执行最小特权原则。我们定义了一组需求来正确地管理这些特权,努力平衡遵守最小特权原则和可用性。我们还根据这些要求对每种管理特权制度进行了深入分析,并展示了它们的优点和局限性。该评估还涵盖了当前可用解决方案的效率,以评估执行管理特权管理任务的难度。根据结果,本文将介绍RootAsRole项目,该项目旨在简化Linux权限管理。我们描述了项目引入的新功能和我们面临的困难。这种具体的经验使我们能够突出研究的挑战。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Annals of Telecommunications
Annals of Telecommunications 工程技术-电信学
CiteScore
5.20
自引率
5.30%
发文量
37
审稿时长
4.5 months
期刊介绍: Annals of Telecommunications is an international journal publishing original peer-reviewed papers in the field of telecommunications. It covers all the essential branches of modern telecommunications, ranging from digital communications to communication networks and the internet, to software, protocols and services, uses and economics. This large spectrum of topics accounts for the rapid convergence through telecommunications of the underlying technologies in computers, communications, content management towards the emergence of the information and knowledge society. As a consequence, the Journal provides a medium for exchanging research results and technological achievements accomplished by the European and international scientific community from academia and industry.
期刊最新文献
CSNet 2023 special issue—the resilient networked systems Carbon footprint of cloud, edge, and Internet of Edges Editorial of 6GNet 2023 special issue On the (in)efficiency of fuzzing network protocols Investigation of LDPC codes with interleaving for 5G wireless networks
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1