Access Control in GAIA Operating System
GAIA
• An OS for ubiquitous systems.
• Built at the middleware level, on top of the native participating OS.
• It has a context-aware file system.
• Each file is encapsulated in a container.
• Each file has some context variables defined for it.
<CFS:Storage>
  <CFS:Owner>Munawar</CFS:Owner>
  <CFS:Host>srg181</CFS:Host>
  <CFS:Path>c:\Temp\15687</CFS:Path>
  <CFS:Context>
    <CFS:Type>situation</CFS:Type>
    <CFS:Value>class-presentation</CFS:Value>
  </CFS:Context>
  <CFS:Context>
    <CFS:Type>location</CFS:Type>
    <CFS:Value>106B1-Engg Hall</CFS:Value>
  </CFS:Context>
</CFS:Storage>
Context File System of GAIA
Problem Statement
Implement cryptographic access control for GAIA's Context File System.
General problem of cryptographic access control
Identifying the User making the request
The whole problem is a jigsaw puzzle: it is a matter of putting the pieces in the right position and making correct decisions to get the whole solution.
Client Side Support
At this point, all users make requests as root when accessing files.
So, the client-side CORBA interceptor should have a mechanism for including the user ID with every file access request.
Decision 1 – Add the user ID to every file access request.
Communication between client and server should be secure
We would use OpenSSH for the crypto solution and some key-generation protocol for session key management.
An existing protocol like Otway-Rees would be used.
Maintaining the Access Control List
Add an additional field to the XML definition for each file:
<CFS:Privilege>rwxr--r-x</CFS:Privilege>
Looks a lot like UNIX!!!!!!!
We have to implement some user and group management scheme like UNIX.
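One way the proposed CFS:Privilege field could be evaluated against the user ID carried with each request (Decision 1), as an added example that is not GAIA's code. The namespace URI, the CFS:Group element, the GROUPS table and the is_allowed function are assumptions made for illustration; the slides define none of them.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: the slides never declare the CFS namespace; this URI is a placeholder.
NS = {"CFS": "urn:example:cfs"}
# Hypothetical group table standing in for the user/group scheme the slide calls for.
GROUPS = {"faculty": {"Munawar", "Jalal"}}
MODE_RE = re.compile(r"(?:[r-][w-][x-]){3}")

# Constructed sample: the slide's storage entry plus the proposed Privilege
# field and a hypothetical CFS:Group element.
SAMPLE = """<CFS:Storage xmlns:CFS="urn:example:cfs">
  <CFS:Owner>Munawar</CFS:Owner>
  <CFS:Group>faculty</CFS:Group>
  <CFS:Host>srg181</CFS:Host>
  <CFS:Path>c:\\Temp\\15687</CFS:Path>
  <CFS:Privilege>rwxr--r-x</CFS:Privilege>
</CFS:Storage>"""


def is_allowed(entry_xml, user_id, action):
    """Return True only if user_id may perform action ('r', 'w' or 'x')."""
    if action not in ("r", "w", "x") or not user_id:
        return False
    try:
        root = ET.fromstring(entry_xml)
    except ET.ParseError:
        return False  # unparseable metadata: deny
    owner = root.findtext("CFS:Owner", default="", namespaces=NS).strip()
    group = root.findtext("CFS:Group", default="", namespaces=NS).strip()
    mode = root.findtext("CFS:Privilege", default="", namespaces=NS).strip()
    if not owner or not MODE_RE.fullmatch(mode):
        return False  # missing owner or malformed mode string: deny
    # UNIX semantics: exactly one class applies, and owner beats group beats other.
    if user_id == owner:
        bits = mode[0:3]
    elif user_id in GROUPS.get(group, set()):
        bits = mode[3:6]
    else:
        bits = mode[6:9]
    return action in bits


if __name__ == "__main__":
    for user, action in [("Munawar", "w"), ("Jalal", "w"), ("guest", "x")]:
        print(user, action, is_allowed(SAMPLE, user, action))
```

With UNIX class selection, a group member is judged only by the group bits, so Jalal is denied execute here even though "other" users are granted it.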
File Access Policies
Clients have different native OSes – therefore the files should undergo filtering before being sent to clients.
A filtering mechanism already exists – some augmentation may be necessary.
Credentials
GAIA AS provides credentials
Jalal is working on this. We would be using his component.
Everything in middleware
Current Activities
• Creating a draft of the design
• Going through the code
• And a lot of reading materials, phew…
Almost left out an important point
Where are we putting the privilege information and how do we secure it?
Suggestions and Questions?