March 16, 2017: Invited Speaker Seminar: Access Control Across Isolated Containerized Environments in Linux

Dr. Indrakshi Ray
Colorado State University

Thursday, March 16, 2017 at 2:00 pm
Room EV009.221

Abstract

With the advancements in contemporary multi-core CPU architectures, it is now possible for a server operating system (OS), such as Linux, to handle a large number of concurrent application services on a single server instance.  Individual application components of such services may run in different isolated runtime environments, such as chrooted jails or application containers, and may need access to system resources and the ability to collaborate and coordinate with each other in a regulated and secure manner.  We propose an access control framework for policy formulation, management, and enforcement that allows access to OS resources and also permits controlled collaboration and coordination for service components running in disjoint containerized environments under a single Linux OS server instance.  We formalize the notion of policy classes for handling the different types of access. The policy classes are managed and enforced through a Linux Policy Machine (LPM) that acts as the centralized reference monitor and provides access to system resources and allows controlled sharing of resources across containerized environments. We present the main ideas of our framework and also discuss the preliminary implementation to demonstrate the feasibility of our approach.

Biography

Indrakshi Ray is a Professor in the Computer Science Department at Colorado State University. She has been a visiting faculty at Air Force Research Laboratory, Naval Research Laboratory, and at INRIA, Rocquencourt, France. Dr. Ray's research interests include security and privacy, database systems, and formal methods for software assurance. She has published over a hundred technical papers in refereed journals and conference proceedings with the support from agencies including Air Force Research Laboratory, Air Force Office of Scientific Research, National Institute of Health, National Institute of Standards and Technology, National Science Foundation, and the United States Department of Agriculture. She is on the editorial board of IEEE Transactions on Dependable and Secure Computing and Computer Standards and Interfaces. She was the Program Chair of ACM SACMAT 2006, Program Co-Chair for ICISS 2013, CSS 2013, IFIP DBSec 2003, and General Chair of SACMAT 2008. She has served on the program committees of various conferences including ACM SACMAT, DBSec, EDBT, ESORICS, ICDE, and VLDB. She is a senior member of the IEEE and a member of the ACM.