1.1 Problem Statement
1.2 What Is Security?
1.3 OS Protection and Security
1.4 Assets and their Vulnerabilities
1.7 Malicious Software
1.8 Trusted Systems
1.9 Protection and Security Design Principles
1.10 The Unix/Linux Security Model
Properties of the Unix Superuser
The Unix Security Model — Groups
Protection For Unix Files and Directories
The Meaning of Permissions
Changing File and Directory Permissions
1.11 Access control lists (ACLs)
Access Tokens and User Rights
The Discretionary Access Control List
The System Access Control List
2. Background and Motivation
2.2 What is Clustering?
2.2.1 Advantages of clustering
2.2.2 Applications of Clustering
2.2.3 Getting Started With Linux Cluster
2.2.4 Cluster Components
3. Literature Survey
3.1 Security Models
3.1.1 Access Control Matrix
3.1.2 Bell-La Padula
3.1.4 Domain and Type Enforcement
3.2 Security Mechanisms
3.2.1 Discretionary Access Control
3.2.2 Mandatory Access Control
3.2.3 Role-Based Access Control
3.2.4 Reference Monitor
3.3 Other Concepts
3.3.1 Separation of Mechanism and Policy
4.1 System Design
4.2 Hardware And Software Requirement
4.2.1 Software requirement
List of Tables and Figures
Table 3.1: Example of an access control matrix with two subjects and two objects
Figure 3.1: Overview of the Generalized Framework for Access Control (GFAC) architecture Figure 3.2: Overview of the Flux Advanced Security Kernel (FLASK) architecture Figure 4.1 System Model for security module
Traditionally, the telecom industry uses clusters to meet its carrier-grade requirements of high availability, reliability, and scalability. To answer the need for advanced security feature a on Linux clusters in telecom world Distributed Security infrastructure is implemented. In Distributed Architecture, the security server is responsible for passing the security policy to security module.
This paper presents an approach for distributed security architecture that supports advanced security mechanisms for current and future security needs, targeted for carrier-class application servers running on clustered systems.
Our work targets implementing security mechanisms for soft real-time distributed carrier grade applications running on large-scale Linux clusters. These clusters are dedicated to run only one application. They must provide five nines availability (99.999% uptime) that includes hardware upgrade and maintenance and operating system and applications upgrades. In such clusters, software and hardware configurations are under the tight control of administrators. The communications between the nodes inside the cluster and to external computers are restricted.
1.2 What Is Security?
Broadly, security can be viewed as several layers of mechanisms designed to enforce proper use of a given system. Here are five layers of interest to us:
Application: The ultimate purpose of an operating system is to allow users to run application programs. The security problem at this layer is to insure that application programs perform as required. (For example, issues of statistical database security, which address methods to keep users from inferring information about specific subjects from a statistical data base, fall into this category.)
Supervision: Operating systems are manipulated by humans. At this layer, we are concerned with providing straightforward tools must be provided which easily allow appropriate authorities to correctly specify security conditions. Tools may also be needed to report on actions that users take while...
Please join StudyMode to read the full document