On component-oriented access control in lightweight virtualized server environments

dc.contributor.author: Belyaev, Kirill, author
dc.contributor.author: Ray, Indrakshi, advisor
dc.contributor.author: Ray, Indrajit, committee member
dc.contributor.author: Malaiya, Yashwant, committee member
dc.contributor.author: Vijayasarathy, Leo, committee member
dc.description.abstract: With the advancements in contemporary multi-core CPU architectures and increase in main memory capacity, it is now possible for a server operating system (OS), such as Linux, to handle a large number of concurrent services on a single server instance. Individual components of such services may run in different isolated runtime environments, such as chrooted jails or related forms of OS-level containers, and may need restricted access to system resources and the ability to share data and coordinate with each other in a regulated and secure manner. In this dissertation we describe our work on the access control framework for policy formulation, management, and enforcement that allows access to OS resources and also permits controlled data sharing and coordination for service components running in disjoint containerized environments within a single Linux OS server instance. The framework consists of two models and the policy formulation is based on the concept of policy classes for ease of administration and enforcement. The policy classes are managed and enforced through a Lightweight Policy Machine for Linux (LPM) that acts as the centralized reference monitor and provides a uniform interface for regulating access to system resources and requesting data and control objects. We present the details of our framework and also discuss the preliminary implementation and evaluation to demonstrate the feasibility of our approach.
dc.format.medium: born digital
dc.format.medium: doctoral dissertations
dc.publisher: Colorado State University. Libraries
dc.rights: Copyright and other restrictions may apply. User is responsible for compliance with all applicable laws. For information about copyright law, please see
dc.subject: data and application security
dc.subject: security architectures
dc.subject: tuple spaces
dc.subject: denial of service protection
dc.subject: access control
dc.subject: service and systems design
dc.title: On component-oriented access control in lightweight virtualized server environments
dcterms.rights.dpla: This Item is protected by copyright and/or related rights ( You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s). Science State University of Philosophy (Ph.D.)

