One or more aspects relate to the data processing field. More specifically, one or more aspects relate to the control of access to a computing system.
The background of aspects of the present disclosure is hereinafter introduced with the discussion of techniques relating to its context. However, even when this discussion refers to documents, acts, devices and the like, it does not suggest or represent that the discussed techniques are part of the prior art or are common general knowledge in the field relevant to the aspects of the present disclosure.
Security is a key issue in modern computing systems, especially when they have a distributed architecture. A specific security aspect is the control of the activities that different users may perform on the computing system (for example, accessing protected resources thereof); this prevents unauthorized users from performing undesired (and generally dangerous) activities on the computing system. For this purpose, the users are individually granted specific authorizations (i.e., permissions) to perform selected activities on the computing system (for example, by assigning them to predefined roles, such as end-user, developer, administrator).
However, some (unprivileged) users may sporadically need to perform (protected) activities that they are not normally authorized to perform; for example, a developer who has successfully tested a patch of a software application in a development environment may need the authorizations of an administrator to apply it to a production environment.
When this happens, other (privileged) users having the required authorizations are to be involved. This is very time-consuming because of the need to identify the privileged users, contact them and obtain their availability, with a consequent performance degradation (for example, slowing down the fixing of problems in the computing system).
Moreover, the involvement of the privileged users is quite annoying for them. Therefore, it is a relatively common practice for the privileged users to provide their credentials (for example, identifiers and passwords) to the unprivileged users, thereby delegating the performance of the protected activities to them. However, this may cause an uncontrolled spreading of the credentials of the privileged users, with consequent security exposures.
Alternatively, U.S. Pat. No. 8,490,093, the entire disclosure of which is hereby incorporated herein by reference, discloses a method for enabling a process to have elevated or escalated privileges to access system resources according to configuration or privilege data maintained in a memory area. Alternatively, when a disconnected user tries to run an untrusted application, the user is given the option of contacting his/her administrator for an identifying code that will allow that particular application to run (such as a one-time use code that will enable the application to run for some period of time specified by the administrator).
A similar mechanism is supported by many operating systems, which have commands allowing users to perform activities with the authorizations of other users (for example, the sudo command in Unix); the activities that may be performed by the users are specified in a configuration file, which provides a large amount of configurability (including enabling activities only from specific terminals and requiring the users to re-enter their passwords).
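As an added illustration of the configuration-file mechanism just described (this fragment is not part of the present disclosure or of any cited document), the following sudoers entries let the developers of the earlier example apply a tested patch on the production hosts as the application administrator, while re-asking for their own password on every use; the user names, host names, account name and command path are assumed.

```sudoers
# Developers allowed to promote a tested patch (constructed names)
User_Alias  PATCH_DEVS  = alice, bob

# Production hosts on which the delegation applies (constructed names)
Host_Alias  PROD        = prod-app01, prod-app02

# The single command that is delegated (assumed path); no shell, no wildcards
Cmnd_Alias  APPLY_PATCH = /usr/local/bin/apply-patch

# Do not cache a successful authentication for these users:
# the password is requested again on each invocation
Defaults:PATCH_DEVS  timestamp_timeout=0

# PATCH_DEVS may run APPLY_PATCH on PROD as the appadmin account (assumed),
# and only after entering their own password (PASSWD is the default tag,
# stated explicitly here to contrast with NOPASSWD)
PATCH_DEVS  PROD = (appadmin) PASSWD: APPLY_PATCH
```

Every new developer, host or command in this scenario requires an edit to this file, which is the maintenance burden the following paragraph refers to.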
However, the above-mentioned techniques require a rather complex configuration to define which activities exceeding their authorizations the users may perform. Moreover, the maintenance of this information is difficult, especially in highly dynamic environments (so that it might easily become out-of-date). All of the above increases the management costs of the computing system and the risk of security exposures.