access control in gaia operating system
DESCRIPTION
Access Control in GAIA Operating System. GAIA. OS for ubiquitous system. Built at middle-ware level built over native participating OS It has a context aware file system Each file is encapsulated in a container Each file has some context variables defined for it. - PowerPoint PPT PresentationTRANSCRIPT
Access Control in GAIA Operating
System
GAIA • OS for ubiquitous system.
• Built at middle-ware level built over native participating OS
• It has a context aware file system
• Each file is encapsulated in a container
• Each file has some context variables defined for it.
<CFS:Storage>
<CFS:Owner>Munawar</CFS:Owner>
<CFS:Host>srg181</CFS:Host>
<CFS:Path>c:\Temp\15687</CFS:Path>
<CFS:Context>
<CFS:Type>situation</CFS:Type>
<CFS:Value>class-presentation</CFS:Value>
</CFS:Context>
<CFS:Context>
<CFS:Type>location</CFS:Type>
<CFS:Value>106B1-Engg Hall</CFS:Value>
</CFS:Context>
</CFS:Storage>
Context File System of GAIA
Problem Statement
Implement cryptographic access control for GAIA's Context File System.
General problem of cryptographic access control
Identifying the User making the request
The whole problem is a jigsaw puzzle and it’s a
matter of putting the pieces in the right position
And make correct decisions to get the whole solution.
Client Side Support
At this point all users make request as root while accessing files.
So, the client side CORBA interceptor should have amechanism of including the user ID with every file accessrequest.
Decision 1 – Add user ID with everyFile access request.
Communication between client-server shouldbe secure
We would use OpenSSH for crypto solution and some key-generation protocol for sessionkey management.
An existing protocol like Otway-Rees wouldbe used.
Maintaining the Access Control List
Add an additional field to the XML definition for each file
<CFS:Privilege>rwxr—r-x</CFS:Privilege>
Looks a Lot like UNIX !!!!!!!
We have to implement some user and group management scheme like UNIX.
File Access Policies
Clients have different nativeOS – therefore the files shouldundergo filtering before being sent to clients.
A filtering mechanism is already existent – Some augmentation may be necessary.
Credentials
GAIA AS provides credentials
Jalal is working on this. We would be using his component
Everything in middleware
Current Activities
•Creating a draft of design•Going through the code•And a lot of reading materials, ,phew…
Almost left anImportant point
Where are we putting the privilege information and how do we secure it?
Suggestions and Questions ??