Security idea

Posted: Thu Feb 22, 2007 9:32 pm
by iammisc
My kernel is a microkernel, so it really has no idea about users and groups and that type of permission model. What it does have, however, is a list of "rights" which have a name (like "/System/Rights/Ports/60", this is for accessing port 60 of course) and a value, a 64-byte randomly generated value.

The rights that the kernel provides are kept in kernel space, and rights that other servers provide are kept in those servers' page tables only.

In order to access something protected by a right, you have to use the authentication server, or if the authentication server has not yet been started up (the authentication server is one of the servers that the kernel monitors and even uses), you use the kernel to get the 64-byte value. The authentication server manages users and groups and the rights each have.

Then you have to supply this right to the function that is privileged, and the server, or kernel (which is also a server in my OS), checks to make sure that the right you supplied is correct. If it is, you can perform the task; if not, then the user is notified and the program is alerted that it does not have proper rights.

Is this a good method of security? Are there any pitfalls to this method? Do any of you use this sort of method or anything close to it?

Thanks.
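
The scheme in the post above, sketched as an added example (not code from the poster's kernel): a right is a name plus a 64-byte random value, the authentication server releases the value, and the owning server checks what the caller supplies. The function names are hypothetical, `caller_allowed` stands in for the authentication server's user and group policy, and `/dev/urandom` stands in for the kernel's random source.

```c
#include <stdio.h>
#include <string.h>
#define RIGHT_LEN 64   /* the post's 64-byte random value */

struct right { const char *name; unsigned char value[RIGHT_LEN]; };
static struct right table[8];   /* stays in the owning server's memory */
static size_t nrights;

static struct right *find(const char *name) {
    for (size_t i = 0; i < nrights; i++)
        if (strcmp(table[i].name, name) == 0) return &table[i];
    return NULL;
}

/* Create a right; /dev/urandom stands in for the kernel's RNG (assumption). */
int right_create(const char *name) {
    if (nrights == sizeof table / sizeof table[0] || find(name)) return -1;
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(table[nrights].value, 1, RIGHT_LEN, f);
    fclose(f);
    if (got != RIGHT_LEN) return -1;
    table[nrights++].name = name;
    return 0;
}

/* Authentication server: release the value only to a caller its policy allows. */
int right_fetch(const char *name, int caller_allowed, unsigned char out[RIGHT_LEN]) {
    struct right *r = find(name);
    if (!r || !caller_allowed) return -1;
    memcpy(out, r->value, RIGHT_LEN);
    return 0;
}

/* Owning server: compare all 64 bytes so timing does not leak a matching prefix. */
int right_check(const char *name, const unsigned char supplied[RIGHT_LEN]) {
    struct right *r = find(name);
    unsigned char diff = 0;
    if (!r) return 0;   /* unknown right: deny */
    for (size_t j = 0; j < RIGHT_LEN; j++) diff |= r->value[j] ^ supplied[j];
    return diff == 0;
}

int main(void) {
    unsigned char tok[RIGHT_LEN];
    if (right_create("/System/Rights/Ports/60") ||
        right_fetch("/System/Rights/Ports/60", 1, tok)) return 1;
    printf("valid: %d\n", right_check("/System/Rights/Ports/60", tok));
    tok[0] ^= 1;        /* constructed tampering of the supplied value */
    printf("tampered: %d\n", right_check("/System/Rights/Ports/60", tok));
}
```

Once `right_fetch` has copied the value out, anything holding those 64 bytes passes `right_check`, so the value acts as a bearer token.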

Posted: Sun Feb 25, 2007 5:31 am
by Candy
http://en.wikipedia.org/wiki/Capability-based_security

Yeah, it's a good idea.

(Rule of good ideas - it's either not good or it's been done before)

Posted: Sun Feb 25, 2007 3:05 pm
by Crazed123
While, unless I read incorrectly, that idea does sound rather like capability security, I don't think the Law of Good Ideas is really a law. You take something that sounds good but hasn't been done before and you find a way to do it. In the end, you get a new good idea.

After all, if all good ideas have been tried before, what the hell are we doing here?

Posted: Sun Feb 25, 2007 3:36 pm
by Tyler
Crazed123 wrote: While, unless I read incorrectly, that idea does sound rather like capability security, I don't think the Law of Good Ideas is really a law. You take something that sounds good but hasn't been done before and you find a way to do it. In the end, you get a new good idea.

After all, if all good ideas have been tried before, what the hell are we doing here?
Bringing them together

Posted: Sun Feb 25, 2007 3:52 pm
by Crazed123
As someone engaged in trying to invent new ideas and make them work, let me say: that just fucking sucks.

Posted: Mon Feb 26, 2007 12:09 pm
by Candy
Let's call it a rule then - it's like that pretty much all the time though.

Came up with a dozen "new ideas" for my own OS, to make it easier to program in effectively and efficiently. So it appears 1 of them was thought up before in a specialized language and a concept without implementation (afaik) and the rest is a part of the C++0x proposal - including one language extension I'd been hoping for for a few years but couldn't find (variadic templates).