Implementation of a discretionary access control model for script-based systems

for Script-based Systems Trent Jaeger and Atul Prakash Software Systems Research Laboratory Department of Electrical Engineering and Computer Science University of Michigan, Ann Arbor, MI 48109-2122 E-mails: [email protected] Abstract Powerful applications can be implemented using command scripts. A command script is a program written by one user, called a writer, and made available to another user, called the reader, who executes the script. For instance, command scripts could be used by Mosaic, the popular World-wide Web browsing tool, to provide fancy interfaces to services, such as banking, shopping, etc. However, the use of command scripts presents a serious security problem. A command script is run with the reader's access rights, so a writer can use a command script to gain unauthorized access to the reader's data and applications. Existing solutions to the problem either severely restrict I/O capability of scripts, limiting the range of applications that can be supported, or permit all I/O to scripts, potentially compromising the security of the reader's data. We de ne a discretionary access control model that permits users to exibly limit the access rights of the processes that execute a command script. We use this model in a prototype system that safely executes command scripts available from Mosaic.