Improve Security Through Domain RBAC

Resource Isolation With Domain RBAC Helps Keep the AIX Environment More Secure

Editor’s note: This is the second in a two-part series on AIX’s domain role-based access control feature (Domain RBAC). Part 1 provided a fundamental overview of this security function, while this article takes a deep dive into Domain RBAC technology on AIX.

As discussed in Part 1, security has become the major focus in today’s data-center and cloud-computing environments, and new security technologies keep emerging to address system administrators’ concerns. One such technology is domain support in the role-based access control (RBAC) feature of AIX.

Resource isolation is the foremost security requirement in a cloud-computing environment, and Domain RBAC is the AIX mechanism for achieving it. In a nutshell: a user can manage a resource (given the proper authorization) only if the user is a member of the domains to which the resource belongs. Before getting serious about domains, a few definitions are in order:

Subject: An entity trying to manage a resource/object. The subject needs information from, or wants to act on, the object; it is typically a process running on behalf of a user.

Object/Resource: An entity that holds information managed by another entity, typically the subject. It is the target of the action, the entity on which the action is performed. (Note: the terms “object” and “resource” are used interchangeably here and mean the same thing.)

Domain: A category that an entity can belong to. When an entity belongs to a domain, access to that entity is governed by the domain rules. An entity can belong to more than one domain at a time. Domains are human-readable security tags.

With these definitions in place, Domain RBAC is formally defined as: “users’ access to resources is gated, and access is allowed only on the basis of the users’ membership in the resource’s domains.”
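To make the gating rule concrete, the following is an added example, written for this article and not code from the article or from AIX. It models the Domain RBAC access decision in Python: a subject carries the domains of the user it runs for, an object carries the domains it was tagged with, and the gate passes only when the subject holds the object’s domains. The subjects, resources and domain names are constructed for illustration. The model also includes two object attributes that this part of the article does not cover but that AIX exposes on an object through `setsecattr -o`: the `secflags` value `FSF_DOM_ALL` (the default, the subject must hold every domain of the object) or `FSF_DOM_ANY` (holding any one of them suffices), and `conflictsets` (a subject holding any domain in the object’s conflict set is denied outright). The semantics of those attributes are assumed from their AIX definitions.

```python
from __future__ import annotations
from dataclasses import dataclass

# Object security flags, named after the values AIX accepts for
# `setsecattr -o secflags=...` (assumed semantics, see lead-in).
FSF_DOM_ALL = "FSF_DOM_ALL"  # subject must hold every domain of the object (default)
FSF_DOM_ANY = "FSF_DOM_ANY"  # subject must hold at least one of the object's domains


@dataclass(frozen=True)
class Subject:
    """A process acting for a user; its domains come from the user's domain membership."""
    name: str
    domains: frozenset[str]


@dataclass(frozen=True)
class Resource:
    """An object (device, file, network interface or port) tagged with domains."""
    name: str
    domains: frozenset[str] = frozenset()
    conflictsets: frozenset[str] = frozenset()
    secflags: str = FSF_DOM_ALL


def domain_check(subject: Subject, obj: Resource) -> tuple[bool, str]:
    """Return (allowed, reason) for the domain gate only.

    The domain gate sits in front of the normal RBAC authorization and
    permission checks; passing it does not by itself grant the action.
    """
    # An object that carries no domains is outside domain enforcement.
    if not obj.domains:
        return True, "object carries no domains, so it is not domain-gated"
    # Conflict sets deny first: a subject from a conflicting domain never passes.
    clash = subject.domains & obj.conflictsets
    if clash:
        return False, f"subject holds conflicting domain(s) {sorted(clash)}"
    if obj.secflags == FSF_DOM_ANY:
        if subject.domains & obj.domains:
            return True, "subject holds at least one of the object's domains (FSF_DOM_ANY)"
        return False, "subject holds none of the object's domains (FSF_DOM_ANY)"
    missing = obj.domains - subject.domains
    if missing:
        return False, f"subject lacks domain(s) {sorted(missing)} (FSF_DOM_ALL)"
    return True, "subject holds every domain of the object (FSF_DOM_ALL)"


def evaluate(subjects, objects) -> dict[tuple[str, str], bool]:
    """Access matrix: (subject name, object name) -> allowed by the domain gate."""
    return {(s.name, o.name): domain_check(s, o)[0] for s in subjects for o in objects}


# Constructed scenario: two tenants, "hr" and "fin", administered on one system.
HR_ADMIN = Subject("hr_admin", frozenset({"hr"}))
FIN_ADMIN = Subject("fin_admin", frozenset({"fin"}))
DUAL_ADMIN = Subject("dual_admin", frozenset({"hr", "fin"}))

HR_DISK = Resource("/dev/hdisk2", frozenset({"hr"}))
SHARED_IF = Resource("en1", frozenset({"hr", "fin"}), secflags=FSF_DOM_ANY)
JOINT_DISK = Resource("/dev/hdisk5", frozenset({"hr", "fin"}))
# Tagged "hr" and in conflict with "fin": even a user holding both domains is denied.
HR_ONLY_LOG = Resource("/var/hr/audit.log", frozenset({"hr"}), conflictsets=frozenset({"fin"}))
UNTAGGED = Resource("/dev/hdisk0")

SUBJECTS = [HR_ADMIN, FIN_ADMIN, DUAL_ADMIN]
RESOURCES = [HR_DISK, SHARED_IF, JOINT_DISK, HR_ONLY_LOG, UNTAGGED]

if __name__ == "__main__":
    for (s, o), ok in evaluate(SUBJECTS, RESOURCES).items():
        print(f"{s:>10} -> {o:<20} {'ALLOW' if ok else 'DENY'}")
```

The `dual_admin` case is the one worth studying: holding both domains passes the `FSF_DOM_ALL` gate on the jointly tagged disk, yet the conflict set on the HR audit log still denies that same user, which is how Domain RBAC separates tenants even from administrators with broad membership. On an AIX system in enhanced RBAC mode the corresponding administrative steps are `mkdom` to create a domain, `setsecattr -o domains=...` to tag an object, `chuser domains=...` to make a user a member, and `setkst` to load the updated tables into the kernel.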

George M Koikara is a senior programmer in AIX development and has worked across multiple technologies in AIX. He is an expert on security and in particular trusted computing and multilevel-based security. He led and developed many of the security features of AIX 6.1.

Guha Prasad Venkataraman is one of the AIX architects and leads the AIX India development team. He has 19 years of IT experience and has also contributed to AIX network security.

Pruthvi Panyam Nataraj is a senior programmer in AIX development and has worked across multiple components of the AIX OS. He is an expert on trusted platform architecture and was instrumental in the implementation of the Trusted Execution function in AIX 6.1. He is also an expert in the IP Security (IPsec) and IKEv2 protocols.

Saurabh Desai is an architect for AIX. He has more than 20 years of experience in the IT industry, mostly with IBM. Saurabh has in-depth knowledge of OS internals and has worked across AIX and Linux. He is an expert in process management and security. He led and implemented many of the security features in AIX 6.1.

Vidya Ranganathan started her career with IBM and has 13-plus years of IT experience. She is an IBM Master Inventor and a senior AIX kernel developer/technical advisor with expertise in security and file system technologies. She has worked on many areas, including the kernel debugger and memory subsystems.
