An Implementation of a Secure Version of NFS Including RBAC

  • Authors: Paul Ashley; Bradley Broom; Mark Vandenwauver

  • Venue: ACISP '99 Proceedings of the 4th Australasian Conference on Information Security and Privacy
  • Year: 1999

Abstract

The NFS protocol provides transparent remote access to shared file systems across networks. It is very popular, particularly in Unix networks, where it is probably the most common distributed file system technology. NFS, however, is rarely used outside closed, protected networks because its security is notoriously weak. In 1998 Sun Microsystems released what is considered the first attempt at providing comprehensive security for NFS: a security flavour called RPCSEC_GSS, based on Kerberos V5 and the GSS-API. The main benefit of this version over previous versions is that, for the first time, each NFS file access call could be protected. This paper outlines our efforts to secure NFS, producing a security solution with even greater functionality. The major new functionality is that users may optionally use an access control system based on role-based access control (RBAC). RBAC allows users to log in, be provided with a role, and use this role to transparently access their remote files through secure NFS. Other advantages are also provided, for example security for the mount protocol and the option of public-key technology for authentication and key distribution. NFS has been secured with SESAME V4, and the practicality and performance of this mechanism have been demonstrated by modifying the Linux kernel and NFS utilities.