Enforcing Flexible Access Control Policies in a Rust-based Linux Security Module
Lukas Fischer - TU Ilmenau

Access control policies enforced in operating systems (OSs) are pivotal to
support security requirements of applications. For a wide range of applications,
attribute-based access control (ABAC) has become a popular class of policies due
to its flexibility, expressiveness and scalability. Mainstream OSs, however,
predominantly use more restrictive policies, which are tightly coupled to their
abstractions. Not only does this limit the applicability to more dynamic use
cases, it also impedes formal policy analysis to enable correctness guarantees.

In order to provide these benefits to a mainstream OS and to explore the
challenges this integration poses, we present a first version of the Rust DABAC
LSM, a Linux Security Module (LSM) that supports flexible, formula-based ABAC
policies with state-changing post-conditions. We base this on a reference
monitor architecture pattern and choose to implement it in Rust for its
correctness guarantees.

In addition to the comprehensive performance evaluation of the implementation,
this talk presents the design of the Rust DABAC LSM. The focus lies on
constraints imposed on the design by strict locking requirements of the
enforced dynamic ABAC policies and on performance-enhancements through caching.