Confining Root Programs with Domain and Type Enforcement (DTE)

Kenneth M. Walker, Daniel F. Sterne, M. Lee Badger, Michael J. Petkac, David L. Shermann, and Karen A. Oostendorp


The pervasive use of the root privilege is a central problem for UNIX security because an attacker who subverts a single root program gains complete control over a computing system. Domain and type enforcement (DTE) is a strong, configurable operating system access control technology that can minimize the damage root programs can cause if subverted. DTE does this by preventing groups of root programs from accessing critical files in inappropriate access modes. This paper illustrates how a DTE-enhanced UNIX prototype, driven by simple, machine-interpretable DTE policies, can provide strong protection against specific classes of attacks by malicious programs that gain root privilege. We present a sequence of policy components that protect system binaries against Rootkit, a widely-used hacker toolkit, and protect password, system log, user, and device special files against other root-based attacks. Tradeoffs among DTE policy complexity, scope of protection, and other factors are discussed.

View the full text of this paper in POSTSCRIPT (241,531 Bytes) form.

Last changed: 1 May 2002 aw