A Role-Based Approach to Restricting Application Execution

i Declaration This thesis is my own account of the research carried out by myself in 2005. Abstract As systems are becoming more interconnected, software is becoming less trustworthy and users are increasingly at greater risk of attack. Most operating systems allow programs to run with the full set of a user's permissions and this can result in malicious code with the ability to act outside of the expected behaviour of the application. Per-application restricted execution models can be utilised to confine applications and thus limit the ability of programs to act maliciously; however, established confinement models that allow finely-grained restricted access to shared resources require the construction of extremely complex policies that do not scale well to confine numerous applications. This has limited their practical usefulness and acceptance. Role-Based Access Control (RBAC) is a system-wide per-user confinement model that associates users with privileges via semantic constructs known as roles. RBAC mediates access to shared resources using abstract policy constructs, and provides access control with scalability and manageability. A new confinement model, Role-Based Execution Environment (RBEE), was designed to demonstrate the feasibility of adapting the RBAC model to a per-application context. RBEE illustrates that RBAC concepts can be applied to the area of per-application confinement to provide similar benefits: improvements in usability, manageability of policy and scalability; largely providing a solution to the impracticalities of finely-grained per-application confinement. iii Acknowledgements