On component-oriented access control in lightweight virtualized server environments
| dc.contributor.author | Belyaev, Kirill, author | |
| dc.contributor.author | Ray, Indrakshi, advisor | |
| dc.contributor.author | Ray, Indrajit, committee member | |
| dc.contributor.author | Malaiya, Yashwant, committee member | |
| dc.contributor.author | Vijayasarathy, Leo, committee member | |
| dc.date.accessioned | 2018-01-17T16:46:08Z | |
| dc.date.available | 2018-01-17T16:46:08Z | |
| dc.date.issued | 2017 | |
| dc.description.abstract | With the advancements in contemporary multi-core CPU architectures and increase in main memory capacity, it is now possible for a server operating system (OS), such as Linux, to handle a large number of concurrent services on a single server instance. Individual components of such services may run in different isolated runtime environments, such as chrooted jails or related forms of OS-level containers, and may need restricted access to system resources and the ability to share data and coordinate with each other in a regulated and secure manner. In this dissertation we describe our work on the access control framework for policy formulation, management, and enforcement that allows access to OS resources and also permits controlled data sharing and coordination for service components running in disjoint containerized environments within a single Linux OS server instance. The framework consists of two models and the policy formulation is based on the concept of policy classes for ease of administration and enforcement. The policy classes are managed and enforced through a Lightweight Policy Machine for Linux (LPM) that acts as the centralized reference monitor and provides a uniform interface for regulating access to system resources and requesting data and control objects. We present the details of our framework and also discuss the preliminary implementation and evaluation to demonstrate the feasibility of our approach. | |
| dc.format.medium | born digital | |
| dc.format.medium | doctoral dissertations | |
| dc.identifier | Belyaev_colostate_0053A_14571.pdf | |
| dc.identifier.uri | https://hdl.handle.net/10217/185748 | |
| dc.language | English | |
| dc.language.iso | eng | |
| dc.publisher | Colorado State University. Libraries | |
| dc.relation.ispartof | 2000-2019 | |
| dc.rights | Copyright and other restrictions may apply. User is responsible for compliance with all applicable laws. For information about copyright law, please see https://libguides.colostate.edu/copyright. | |
| dc.subject | data and application security | |
| dc.subject | security architectures | |
| dc.subject | tuple spaces | |
| dc.subject | denial of service protection | |
| dc.subject | access control | |
| dc.subject | service and systems design | |
| dc.title | On component-oriented access control in lightweight virtualized server environments | |
| dc.type | Text | |
| dcterms.rights.dpla | This Item is protected by copyright and/or related rights (https://rightsstatements.org/vocab/InC/1.0/). You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s). | |
| thesis.degree.discipline | Computer Science | |
| thesis.degree.grantor | Colorado State University | |
| thesis.degree.level | Doctoral | |
| thesis.degree.name | Doctor of Philosophy (Ph.D.) |
Files
Original bundle
1 - 1 of 1
Loading...
- Name:
- Belyaev_colostate_0053A_14571.pdf
- Size:
- 5.68 MB
- Format:
- Adobe Portable Document Format