
On component-oriented access control in lightweight virtualized server environments




Belyaev, Kirill, author
Ray, Indrakshi, advisor
Ray, Indrajit, committee member
Malaiya, Yashwant, committee member
Vijayasarathy, Leo, committee member



With advances in contemporary multi-core CPU architectures and increases in main memory capacity, it is now possible for a server operating system (OS), such as Linux, to handle a large number of concurrent services on a single server instance. Individual components of such services may run in different isolated runtime environments, such as chrooted jails or related forms of OS-level containers, and may need restricted access to system resources and the ability to share data and coordinate with each other in a regulated and secure manner. In this dissertation we describe our work on an access control framework for policy formulation, management, and enforcement that allows access to OS resources and also permits controlled data sharing and coordination for service components running in disjoint containerized environments within a single Linux OS server instance. The framework consists of two models, and the policy formulation is based on the concept of policy classes for ease of administration and enforcement. The policy classes are managed and enforced through a Lightweight Policy Machine for Linux (LPM) that acts as the centralized reference monitor and provides a uniform interface for regulating access to system resources and requesting data and control objects. We present the details of our framework and also discuss the preliminary implementation and evaluation to demonstrate the feasibility of our approach.




data and application security
security architectures
tuple spaces
denial of service protection
access control
service and systems design

