“Hosting” represents a commonplace solution for the low-cost implementation of web sites through the efficient sharing of the resources of a single server. The arising security problems, however, are not always easily dealt with under the Discretionary Access Control model implemented by traditional operating systems. More robust separation between the hosted sites, as well as more robust protection of the host system, can be attained by exploiting the features typical of Mandatory Access Control systems. Recently, these systems have recently been made available to the vast Linux community through projects like SELinx and grsecurity. This paper describes the architecture of a secure hosting server, integrating SELinux functionalities into the Apache/PHP platform, designed with the goal of increasing security without adding administrative burdens or impacting performance.
Mandatory Access Control applications to web hosting / M. prandini; e.faldella; r. laschi. - STAMPA. - (2006), pp. 13-22. (Intervento presentato al convegno EC2ND 2006 Second European conference on computer network defence tenutosi a Pontypridd (Cardiff), Wales, UK nel 13-15 Dicembre 2006).
Mandatory Access Control applications to web hosting
PRANDINI, MARCO;FALDELLA, EUGENIO;LASCHI, ROBERTO
2006
Abstract
“Hosting” represents a commonplace solution for the low-cost implementation of web sites through the efficient sharing of the resources of a single server. The arising security problems, however, are not always easily dealt with under the Discretionary Access Control model implemented by traditional operating systems. More robust separation between the hosted sites, as well as more robust protection of the host system, can be attained by exploiting the features typical of Mandatory Access Control systems. Recently, these systems have recently been made available to the vast Linux community through projects like SELinx and grsecurity. This paper describes the architecture of a secure hosting server, integrating SELinux functionalities into the Apache/PHP platform, designed with the goal of increasing security without adding administrative burdens or impacting performance.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
