A Role-Based Model of Linux Privilege Management and its Implementation

At present, With the wide application of Linux system, the security performance of Linux system is meeting more and more challenges. This paper analyzes the the security flaw of traditional Linux security mechanism in which the presence of superuser root violates the principle of least privilege in security system design, which brings various kinds of privilege elevation attacks. The current fine-grained solution Capabilities mechanism proposed by POSIX1e divides root superuser into privilege units, but it fails to remove root user from the Linux system. By analyzing the imperfection of current solutions, this paper proposes a novel role-based privilege management model. By distributing capabilities to roles and assigning roles to specific users, this model not only removes superuser root from the Linux system but also builds an privilege-separation system. With implementation in Linux system and experiments, this model proves to be fine-grained and privilege-seprated with no performance loss.