Applying RBAC & DTE in OOP environments

Brainwave #1: SE Linux has a very cool permissions model that treats all objects within the OS as nodes in a directed state graph.

To briefly summarize, permissions are granted and/or denied based on who(user,process) is trying to access what(inode,socket) and from where.

The model is so cool that MS had themselves a gigantic hissy fit and wailed on the NSA (among others) for equiping the Linux community with a security model that beat its own commercial offering hands down, for free.

What's interesting, however, is that it should be possible to extract the model and super-impose it on the Java object model, or that of any other OOP language for that matter.

Of course, code injection is generally less of a worry in managed environments than in binary ones, so the idea may not be all that valuable until (or if ever) we start evaluating untrusted logic on the server. (Highly unlikely, due to the halting problem, but still.)

No comments: