Component-Oriented Access Control for Deployment of Application Services in Containerized Environments

With the advancements in multi-core CPU architectures, it is now possible for a server operating system (OS) such as Linux to handle a large number of concurrent application services on a single server instance. Individual service components of such services may run in different isolated environments, such as chrooted jails or application containers, and may need controlled access to system resources and the ability to collaborate and coordinate with each other in a regulated and secure manner. In an earlier work, we motivated the need for an access control framework, based on the principle of least privilege, for the formulation, management, and enforcement of policies that allow controlled access to system resources and also permit controlled collaboration and coordination among service components deployed in disjoint containerized environments under a single OS instance. The current work provides a more in-depth treatment of secure inter-component communication in such environments. We show the policies needed for such communication and demonstrate how they can be enforced through a Linux Policy Machine that acts as the centralized reference monitor. The inter-component interaction occurs through the persistent layer using a tuple space abstraction. We implemented a tuple space library that provides operations on the tuple space. We present preliminary experimental results for this implementation, covering its resource usage and performance.
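How a tuple-space operation can be mediated by a centralized reference monitor, as an added illustration that is not the paper's implementation or library: the `PolicyMachine` class, its `(operation, tag)` rule format and the `web`/`worker` component names are assumptions made here, and the Linda-style `out`/`in` operations are the generic ones rather than the paper's API.

```python
# Added example (not the paper's code): Linda-style tuple space with every
# operation mediated by a stand-in for the paper's Linux Policy Machine.
from typing import Any, Dict, List, Optional, Set, Tuple

WILD = None            # template wildcard: matches any field value
Tup = Tuple[Any, ...]  # a tuple's first field serves as its policy tag

class PolicyMachine:
    """Reference monitor: component -> {(operation, tag)} it may perform."""
    def __init__(self, rules: Dict[str, Set[Tuple[str, str]]]):
        self.rules = rules
        self.audit: List[str] = []  # one decision line per request
    def check(self, component: str, op: str, tag: Any) -> bool:
        allowed = (op, tag) in self.rules.get(component, set())
        self.audit.append(f"{'ALLOW' if allowed else 'DENY'} {component} {op} {tag}")
        return allowed

class TupleSpace:
    def __init__(self, pm: PolicyMachine):
        self.pm = pm
        self.tuples: List[Tup] = []
    def _guard(self, component: str, op: str, tag: Any) -> None:
        if not self.pm.check(component, op, tag):  # default deny (wildcard tag too)
            raise PermissionError(f"{component} may not {op} {tag!r} tuples")
    @staticmethod
    def _matches(template: Tup, tup: Tup) -> bool:
        return len(template) == len(tup) and all(
            t is WILD or t == v for t, v in zip(template, tup))
    def out(self, component: str, tup: Tup) -> None:  # Linda out(): publish
        self._guard(component, "out", tup[0])
        self.tuples.append(tup)
    def inp(self, component: str, template: Tup) -> Optional[Tup]:  # Linda in()
        self._guard(component, "in", template[0])
        found = next((t for t in self.tuples if self._matches(template, t)), None)
        if found is not None:
            self.tuples.remove(found)  # destructive read
        return found

def demo() -> Tuple[Optional[Tup], bool, List[str]]:
    # Constructed policy: web may enqueue jobs, worker may consume them, nothing else.
    pm = PolicyMachine({"web": {("out", "job")}, "worker": {("in", "job")}})
    ts = TupleSpace(pm)
    ts.out("web", ("job", 7, "resize"))
    taken = ts.inp("worker", ("job", WILD, WILD))
    try:
        ts.out("worker", ("job", 8, "forged"))  # worker tries to forge a job
        denied = False
    except PermissionError:
        denied = True
    return taken, denied, pm.audit
```

The audit list is the point for operations work: every request to the shared space, allowed or denied, leaves one attributable line naming the component, the operation and the tuple tag.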
