Privacy analysis and enhancements for data sharing in *nix systems

In this paper, we analyse the data sharing mechanisms of *nix systems and identify an immediate need for better privacy support. For example, using a simple insider attack we were able to access over 84 GB of private data at one organisation of 825 users, including 300 000 e-mails and 579 passwords to financial and other private services websites, without exploiting any technical vulnerability. We present two solutions to address this problem: 1. an administrative auditing tool which can alert administrators and users when their private data is at risk; 2. a new View Based Access Control (VBAC) mechanism which provides stronger and yet convenient privacy support. We also describe a proof-of-concept filesystem-based implementation and performance analysis of VBAC. Our evaluations with three well-known filesystem benchmarks show that VBAC introduces little overhead.
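As an added illustration of the first solution (example code, not the paper's own tool), the audit below reports files under a home directory that users beyond the owner can actually read, taking into account that a file is only reachable when every directory above it is traversable; the filename hints and the sample directory tree are constructed for this example.

```python
import stat
import tempfile
from pathlib import Path

# Filename fragments used to flag likely-private data (constructed list for this example).
SENSITIVE_HINTS = ("mbox", "mail", "passw", "netrc", "pgpass", "id_rsa")

def _classes(mode, grp_bit, oth_bit):
    """Permission classes beyond the owner whose bit is set in `mode`."""
    return ({"group"} if mode & grp_bit else set()) | ({"other"} if mode & oth_bit else set())

def _scan(directory, reach, findings):
    # Only classes that can traverse every directory from the root down can reach its contents.
    reach = reach & _classes(directory.lstat().st_mode, stat.S_IXGRP, stat.S_IXOTH)
    if not reach:
        return
    for entry in directory.iterdir():
        if entry.is_symlink():
            continue  # do not follow links out of the tree
        if entry.is_dir():
            _scan(entry, reach, findings)
        elif entry.is_file():
            readers = reach & _classes(entry.lstat().st_mode, stat.S_IRGRP, stat.S_IROTH)
            if readers:
                name = entry.name.lower()
                findings.append({"path": str(entry), "readers": sorted(readers),
                                 "sensitive": any(h in name for h in SENSITIVE_HINTS)})

def audit_home(home):
    """Return the files under `home` that group or other can actually read, and who can."""
    findings = []
    _scan(Path(home), {"group", "other"}, findings)
    return findings

def demo():
    """Build a constructed home directory with typical permission mistakes and audit it."""
    home = Path(tempfile.mkdtemp())
    home.chmod(0o755)                          # common default: anyone may enter the home
    private = home / "private"
    private.mkdir()
    private.chmod(0o700)                       # a closed directory shields its contents
    for rel, mode in (("notes.txt", 0o644), ("mbox", 0o644), ("private/passwords.txt", 0o644)):
        (home / rel).write_text("sample data")
        (home / rel).chmod(mode)               # mbox is world-readable; passwords.txt is unreachable
    return home, audit_home(home)
```

Running `demo()` flags `notes.txt` and `mbox` (the latter as likely sensitive) while `private/passwords.txt` is correctly omitted, since its 0700 parent blocks every class but the owner.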
