Making Linux Protection Mechanisms Egalitarian with UserFS
URL to paper on conference site: http://www.usenix.org/events/sec10/tech/
| Main Authors: | , |
|---|---|
| Other Authors: | |
| Format: | Article |
| Language: | en_US |
| Published: |
USENIX Association
2011
|
| Online Access: | http://hdl.handle.net/1721.1/62806 https://orcid.org/0000-0003-0238-2703 |
| _version_ | 1826200047156461568 |
|---|---|
| author | Kim, Taesoo Zeldovich, Nickolai |
| author2 | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory |
| author_facet | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory Kim, Taesoo Zeldovich, Nickolai |
| author_sort | Kim, Taesoo |
| collection | MIT |
| description | URL to paper on conference site: http://www.usenix.org/events/sec10/tech/ |
| first_indexed | 2024-09-23T11:30:05Z |
| format | Article |
| id | mit-1721.1/62806 |
| institution | Massachusetts Institute of Technology |
| language | en_US |
| last_indexed | 2024-09-23T11:30:05Z |
| publishDate | 2011 |
| publisher | USENIX Association |
| record_format | dspace |
| spelling | mit-1721.1/628062022-09-27T19:57:33Z Making Linux Protection Mechanisms Egalitarian with UserFS Kim, Taesoo Zeldovich, Nickolai Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science Zeldovich, Nickolai Zeldovich, Nickolai Kim, Taesoo URL to paper on conference site: http://www.usenix.org/events/sec10/tech/ UserFS provides egalitarian OS protection mechanisms in Linux. UserFS allows any user—not just the system administrator—to allocate Unix user IDs, to use chroot, and to set up firewall rules in order to confine untrusted code. One key idea in UserFS is representing user IDs as files in a /proc-like file system, thus allowing applications to manage user IDs like any other files, by setting permissions and passing file descriptors over Unix domain sockets. UserFS addresses several challenges in making user IDs egalitarian, including accountability, resource allocation, persistence, and UID reuse. We have ported several applications to take advantage of UserFS; by changing just tens to hundreds of lines of code, we prevented attackers from exploiting application-level vulnerabilities, such as code injection or missing ACL checks in a PHP-based wiki application. Implementing UserFS requires minimal changes to the Linux kernel—a single 3,000-line kernel module—and incurs no performance overhead for most operations, making it practical to deploy on real systems. Quanta Computer (Firm) Samsung Scholarship Foundation 2011-05-10T19:00:40Z 2011-05-10T19:00:40Z 2010-08 Article http://purl.org/eprint/type/ConferencePaper http://hdl.handle.net/1721.1/62806 Kim, Taesoo and Nickolai Zeldovich. "Making Linux Protection Mechanisms Egalitarian with UserFS." in Proceedings of the 19th USENIX Security Symposium, Washington, DC, Aug. 11-13, 2010. https://orcid.org/0000-0003-0238-2703 en_US http://www.usenix.org/events/sec10/tech/full_papers/Kim.pdf Proceedings of the 19th USENIX Security Symposium Creative Commons Attribution-Noncommercial-Share Alike 3.0 http://creativecommons.org/licenses/by-nc-sa/3.0/ application/pdf USENIX Association MIT web domain |
| spellingShingle | Kim, Taesoo Zeldovich, Nickolai Making Linux Protection Mechanisms Egalitarian with UserFS |
| title | Making Linux Protection Mechanisms Egalitarian with UserFS |
| title_full | Making Linux Protection Mechanisms Egalitarian with UserFS |
| title_fullStr | Making Linux Protection Mechanisms Egalitarian with UserFS |
| title_full_unstemmed | Making Linux Protection Mechanisms Egalitarian with UserFS |
| title_short | Making Linux Protection Mechanisms Egalitarian with UserFS |
| title_sort | making linux protection mechanisms egalitarian with userfs |
| url | http://hdl.handle.net/1721.1/62806 https://orcid.org/0000-0003-0238-2703 |
| work_keys_str_mv | AT kimtaesoo makinglinuxprotectionmechanismsegalitarianwithuserfs AT zeldovichnickolai makinglinuxprotectionmechanismsegalitarianwithuserfs |