Current operating systems provide inadequate protection for today's threat environment. As a consequence, computer systems are regularly subverted; it has been estimated that 25% of PCs are bots, controlled by attackers. Better security architectures are needed to enable these computers to withstand attacks and prevent them from being (1) plundered and (2) used as launch pads for DDoS, spam, and financial fraud attacks.
And yet, the vast majority of computers today use an authorization model (a.k.a. access controls) that is little changed over the past three decades. The threat profile has changed because of factors including high-speed Internet connections, direct access to financial services, self-administered systems, and a much broader user population. The result of these changes has been the creation of a well-funded and highly skilled attack software industry that automates attacks.
We describe a new security architecture called KernelSec for authorization and authentication that provides much stronger protections than existing systems. It largely eliminates the need for today's problem-prone application-provided protections. And it is designed to dramatically increase the attackers' workload to subvert a system.
But the high complexity of newer authorization models that address the above concerns has been an impediment to their widespread adoption. This complexity is multifaceted; therefore, reducing it requires a variety of techniques. Central to this reduction of complexity is a high-level authorization specification language called LEAP, which is succinct, composable, and (mostly) stateless. Also described are the protections afforded and the implementation in the Linux kernel.
Dr. Jon Solworth is Director of the Center for Research and Instruction in Technologies for Electronic Security (RITES) and Associate Professor of Computer Science at the University of Illinois at Chicago. He is a systems researcher whose interests include computer security, operating systems, networks, and distributed systems; he has addressed these problems using both theoretical and experimental techniques. His first paper in computer security (with Robert Sloan) described an authorization model sufficient to implement the Osborn-Sandhu-Munawer DAC taxonomy and answered in part a 30-year-old question raised by Harrison-Ruzzo-Ullman about authorization models with a decidable safety property. He is on numerous workshop and conference program committees, and is Program Co-Chair (with Ravi Sandhu) of the ACM Computer Security Architectures Workshop (CSAW) to be held in conjunction with the ACM Conference on Computer and Communications Security (CCS). In the past, Prof. Solworth has worked on a wide range of systems topics, including storage systems, interconnection networks, and parallel processing languages and architectures.