http://www.usenix.org/events/sec08/tech/:

17th USENIX Security Symposium, San Jose CA USA, 28 July - 1 August 2008

NetAuth: Supporting User-Based Network Services
Manigandan Radhakrishnan, Jon A. Solworth

http://www.usenix.org/events/sec08/tech/full_papers/radhakrishnan/radhakrish
nan.pdf

Abstract

In User-Based Network Services (UBNS), the process
servicing requests from user U runs under U's ID. This
enables (operating system) access controls to tailor service
authorization to U. Like privilege separation, UBNS
partitions applications into processes in such a way that
each process' permission is minimized. However, because
UBNS fundamentally affects the structure of an
application, it is best performed early in the design process.
UBNS depends on other security mechanisms, most
notably authentication and cryptographic protections.

These seemingly straightforward needs add considerable
complexity to application programming. To avoid this
complexity, programmers regularly ignore security issues
at the start of program construction. However, after
the application is constructed, UBNS is difficult to apply
since it would require significant structural changes
to the application code.

This paper describes easy-to-use security mechanisms
supporting UBNS, and thus significantly reducing the
complexity of building UBNS applications. This simplification
enables much earlier (and hence more effective)
use of UBNS. It focuses the application developer's
attention on the key security task in application development,
partitioning applications so that least privilege can
be effectively applied. It removes vulnerabilities due to
poor application implementation or selection of security
mechanisms. Finally, it enables significant control to be
externally exerted on the application, increasing the ability
of system administrators to control, understand, and
secure such services.

@inproceedings{DBLP:conf/uss/RadhakrishnanS08,
  author    = {Manigandan Radhakrishnan and
               Jon A. Solworth},
  title     = {NetAuth: Supporting User-Based Network Services},
  booktitle = {USENIX Security Symposium},
  year      = {2008},
  pages     = {227-242},
  ee        =
{http://www.usenix.org/events/sec08/tech/full_papers/radhakrishnan/radhakris
hnan.pdf},
  crossref  = {DBLP:conf/uss/2008},
  bibsource = {DBLP, http://dblp.uni-trier.de}
}

@proceedings{DBLP:conf/uss/2008,
  editor    = {Paul C. van Oorschot},
  title     = {Proceedings of the 17th USENIX Security Symposium, July
               28-August 1, 2008, San Jose, CA, USA},
  booktitle = {USENIX Security Symposium},
  publisher = {USENIX Association},
  year      = {2008},
  isbn      = {978-1-931971-60-7},
  bibsource = {DBLP, http://dblp.uni-trier.de}
}