Check out the new USENIX Web site.

NetAuth: Supporting User-Based Network Services

Manigandan Radhakrishnan

University of Illinois at Chicago

Jon A. Solworth

University of Illinois at Chicago


In User-Based Network Services (UBNS), the process servicing requests from user $U$ runs under $U$'s ID. This enables (operating system) access controls to tailor service authorization to $U$. Like privilege separation, UBNS partitions applications into processes in such a way that each process' permission is minimized. However, because UBNS fundamentally affects the structure of an application, it is best performed early in the design process.

UBNS depends on other security mechanisms, most notably authentication and cryptographic protections. These seemingly straightforward needs add considerable complexity to application programming. To avoid this complexity, programmers regularly ignore security issues at the start of program construction. However, after the application is constructed, UBNS is difficult to apply since it would require significant structural changes to the application code.

This paper describes easy-to-use security mechanisms supporting UBNS, and thus significantly reducing the complexity of building UBNS applications. This simplification enables much earlier (and hence more effective) use of UBNS. It focuses the application developer's attention on the key security task in application development, partitioning applications so that least privilege can be effectively applied. It removes vulnerabilities due to poor application implementation or selection of security mechanisms. Finally, it enables significant control to be externally exerted on the application, increasing the ability of system administrators to control, understand, and secure such services.

Manigandan Radhakrishnan 2008-05-13