• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文期刊>Computers & Security >On the formalization, design, and implementation of component-oriented access control in lightweight virtualized server environments
【24h】

On the formalization, design, and implementation of component-oriented access control in lightweight virtualized server environments

机译:关于轻量级虚拟化服务器环境中面向组件的访问控制的形式化,设计和实现

获取原文
获取原文并翻译 | 示例
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

In modern day operating systems, such as Linux, it is now possible to handle a large number of concurrent application services on a single server instance. Individual application components of such services may run in different isolated runtime environments, such as chrooted jails or application containers, and may need access to system resources and the ability to collaborate and coordinate with each other. We formalize the access control requirements of such components; our model allows access to OS resources on a need-to-know basis and also controls collaboration and coordination among service components running in disjoint containerized environments under a single Linux OS server instance. Such access control is managed and enforced through a Linux Policy Machine (LPM) that acts as the centralized reference monitor and provides a uniform interface for accessing system resources and requesting application data and control objects. We present the design of the LPM and provide an implementation to demonstrate the feasibility of our approach.
机译:在现代操作系统(如Linux)中,现在可以在单个服务器实例上处理大量并发应用程序服务。此类服务的各个应用程序组件可能在不同的隔离运行时环境中运行,例如chroot监狱或应用程序容器,并且可能需要访问系统资源以及彼此协作和协调的能力。我们正式确定了此类组件的访问控制要求;我们的模型允许在需要了解的基础上访问OS资源,并控制在单个Linux OS服务器实例下在不相交的容器化环境中运行的服务组件之间的协作和协调。此类访问控制是通过Linux策略机(LPM)进行管理和实施的,该策略机用作集中式参考监视器,并提供用于访问系统资源以及请求应用程序数据和控制对象的统一接口。我们介绍了LPM的设计,并提供了一个实现来证明我们方法的可行性。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号