Author(s): Liang Peng | Yingxu Lai | Shupo Bu | Zhan Jing | Li Yu | Jiang Wei | Lin Li
Journal: Advances in Molecular Imaging
ISSN 2161-6728
Volume: 05;
Issue: 02;
Start page: 105;
Date: 2012;
Keywords: Least Privilege | Virtualization | Isolation | Privileged User | Domain | System Service
ABSTRACT
A user permission isolation method is proposed for the super user privilege control problem in system services. Based on virtualization technology, permission-limited environments are constructed for different users. According to the users' privilege sets, mapping relations are built among users, isolated domains and program modules. We also give an algorithm for dividing program permissions based on Concept Lattices, and security strategies are designed for the different isolated domains. Finally, we propose the implications of least privilege, and prove that the method eliminates the potential privileged users in system services.