Mandatory Access Control implantation against potential NFS vulnerabilities

  • Authors:
  • Mathieu Blanc; Kevin Guerin; Jean-Francois Lalande; Vincent Le Port

  • Affiliations:
  • CEA, DAM, DIF, France; LIFO, ENSI de Bourges - Université d'Orléans, France; LIFO, ENSI de Bourges - Université d'Orléans, France; LIFO, ENSI de Bourges - Université d'Orléans, France

  • Venue:
  • CTS '09 Proceedings of the 2009 International Symposium on Collaborative Technologies and Systems
  • Year:
  • 2009

Abstract

This paper proposes a technical solution for protecting users using a shared NFS service possibly controlled by a malicious user. The main goal is to protect the integrity and confidentiality of users' resources. Moreover, we propose to solve a more difficult challenge: how to prevent a malicious user from exploiting a supposed NFS vulnerability in order to read or write the resources of another user? Thus, this paper assumes that a vulnerability might exist in the NFS protocol or software components that gives the ability to a malicious user to execute any arbitrary code on the NFS server. Technical details about the implantation of Mandatory Access Control mechanisms with Multi Categories on the server side are given. The proposed solution avoids heavy modifications of the clients and only relies on the authentication of these clients.