Gustafsson et al., 1997 - Google Patents
Using nfs to implement role-based access controlGustafsson et al., 1997
View PDF- Document ID
- 233773478919888766
- Author
- Gustafsson M
- Deligny B
- Shahmehri N
- Publication year
- Publication venue
- Proceedings of IEEE 6th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
External Links
Snippet
Presents a design for a modified NFS (Network File System) server that, through simple additions, makes it possible to place an exported file system under role-based access control (RBAC). RBAC is an efficient way for managing access control information. However …
- 230000004048 modification 0 description 5
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
- G06F9/44—Arrangements for executing specific programmes
- G06F9/445—Programme loading or initiating
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
- G06F9/44—Arrangements for executing specific programmes
- G06F9/455—Emulation; Software simulation, i.e. virtualisation or emulation of application or operating system execution engines
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
- G06F9/46—Multiprogramming arrangements
- G06F9/468—Specific access rights for resources, e.g. using capability register
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
- G06F9/44—Arrangements for executing specific programmes
- G06F9/4421—Execution paradigms
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/30067—File systems; File servers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to network resources
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Smalley | Configuring the SELinux policy | |
| US5497463A (en) | Ally mechanism for interconnecting non-distributed computing environment (DCE) and DCE systems to operate in a network system | |
| JP3696639B2 (en) | Unification of directory service with file system service | |
| Acharya et al. | {MAPbox}: Using Parameterized Behavior Classes to Confine Untrusted Applications | |
| US8239954B2 (en) | Access control based on program properties | |
| US5961582A (en) | Distributed and portable execution environment | |
| US8117230B2 (en) | Interfaces and methods for group policy management | |
| US7444671B2 (en) | Protected execution environments within a computer system | |
| US20020065776A1 (en) | Method and process for virtualizing file system interfaces | |
| US20020066022A1 (en) | System and method for securing an application for execution on a computer | |
| US20020092003A1 (en) | Method and process for the rewriting of binaries to intercept system calls in a secure execution environment | |
| GB2379763A (en) | Management of compartments in a trusted operating system | |
| US6732211B1 (en) | Intercepting I/O multiplexing operations involving cross-domain file descriptor sets | |
| CN114586010A (en) | On-demand execution of object filtering code in the output path of an object storage service | |
| US20160344771A1 (en) | Managed applications | |
| US20020066021A1 (en) | Method and process for securing an application program to execute in a remote environment | |
| US20020065945A1 (en) | System and method for communicating and controlling the behavior of an application executing on a computer | |
| US20160342788A1 (en) | Generating packages for managed applications | |
| US20020065876A1 (en) | Method and process for the virtualization of system databases and stored information | |
| CN107636667B (en) | System and method for creating multiple workspaces in a device | |
| Gustafsson et al. | Using nfs to implement role-based access control | |
| US20020065869A1 (en) | Method and process for virtualizing user interfaces | |
| US20020065874A1 (en) | Method and process for virtualizing network interfaces | |
| Anderson et al. | Towards oblivious sandboxing with Capsicum | |
| Gruenbacher et al. | AppArmor technical documentation |