chore: Update references, cite our research work and update FAQ

README.md

@@ -172,30 +172,4 @@ This project includes [sudo-rs](https://github.com/memorysafety/sudo-rs) code li
 We have included cutils.rs, securemem.rs to make work the rpassword.rs file. Indeed, We thought that the password was well managed in this file and we have reused it. As sudo-rs does, rpassword.rs is from the rpassword project (License: Apache-2.0). We use it as a replacement of the rpassword project usage.
 
 
-## References
-
-[1] PAM repository : <https://github.com/linux-pam/linux-pam>
-
-[2] libcap repository : <https://github.com/mhiramat/libcap>
-
-Very helpful site, where you can find some informations about PAM, libcap and the capabilities:
-
-[3] Original paper about capabilities : <https://pdfs.semanticscholar.org/6b63/134abca10b49661fe6a9a590a894f7c5ee7b.pdf>
-
-[4] Article about the capabilities : <https://lwn.net/Articles/632520/>
-
-[5] Article about Ambient : <https://lwn.net/Articles/636533/>
-
-[6] Simple article with test code for Ambient : <https://s3hh.wordpress.com/2015/07/25/ambient-capabilities/>
-
-[7] Article about how PAM is working : <https://artisan.karma-lab.net/petite-introduction-a-pam>
-
-[8] A very helpful code about how to create a PAM module : <https://github.com/beatgammit/simple-pam>
-
-Source of the scenarios code:
-
-[9] Where I have found the simple Python code for HTTP server : <https://docs.python.org/2/library/simplehttpserver.html>
-
-[10] Where I have found the simple PRELOAD code : <https://fishi.devtail.io/weblog/2015/01/25/intercepting-hooking-function-calls-shared-c-libraries/>
-
-[11] Serge E.Hallyn, Andrew G.Morgan, “Linux capabilities: making them work”, The Linux Symposium, Ottawa, ON, Canada (2008), <https://www.kernel.org/doc/ols/2008/ols2008v1.pages-163.172.pdf>
+## [Link to References](https://lechatp.github.io/RootAsRole/bibliography.html)

book/src/README.md

@@ -27,6 +27,18 @@ You can find more information about this command in the [sr](sr/README.md) secti
 
 The `chsr` command allows you to configure the roles and capabilities of the system. You can find more information about this command in the [Configure RootAsRole](chsr/README.md) section.
 
+## Our Research Articles
+
+In 2021, we published our first research article about RootAsRole project @@wazanRootAsRoleSecureAlternative2021. This article present the pilot implementation of RootAsRole project and the main features of the project.
+
+In 2022, we published a journal article about our finding with the `capable` tool thus to simplify RootAsRole configuration @@wazanRootAsRoleSecurityModule2022. This article was more focused on the eBPF feature, and tool outputs analysis.
+
+In 2023, we published a third article about explaining linux kernel issues @@billoirImplementingPrincipleLeast2023. This article proposes enhancements to achieving a balance between usability and the principle of least privilege, emphasizing the need for precise capability definitions.
+
+In May 2024, we published a more general article about the Administrative privilege on various OS @@billoirImplementingPrincipleLeast2024. This article explores the different approaches implemented by the main operating systems (namely Linux, Windows, FreeBSD, and Solaris) to control the privileges of system administrators in order to enforce the principle of least privilege. We define a set of requirements to manage these privileges properly, striving to balance adherence to the principle of least privilege and usability. We also present a deep analysis of each administrative privilege system based on these requirements and exhibit their benefits and limitations.
+
+In July 2024, we studied how to integrate RootAsRole on today's production environment as the project becomes a mature project. This article presents a semi-automated process that improves Ansible-based deployments to have fine-grained control on administrative privileges granted to Ansible tasks. This article is not yet published.
+
 ## Comparison with sudo 
 
 By using a role-based access control model, this project allows us to better manage administrative tasks. With this project, you could distribute privileges and prevent them from escalating directly. Unlike sudo does, we don't want to give entire privileges for any insignificant administrative task. You can configure our tool easily with `chsr` command. To find out which capability is needed for a administrative command, we provide the `capable` command. With these two tools, administrators could configure its system to respect the least privilege principle.

book/src/faq.md

@@ -6,4 +6,12 @@ This page contains known issues and solutions for RootAsRole project.
 
 capable is a tool based on eBPF features, so it requires a Linux kernel version 4.1 or later. Additionnally you need many kernel features enabled, [described here](https://github.com/iovisor/bcc/blob/master/INSTALL.md#kernel-configuration). It is also, possible that the program cannot allocate memory, in this case you may consider to add CAP_SYS_RESOURCE capability to the program, but this may not solve completely the issue.
 
-Finally, if you want that capable works on your OS, you can 1) open an issue on the [GitHub repository](http://github.com/LeChatP/RootAsRole), 2) create a Vagrantfile in [test/capable/](https://github.com/LeChatP/RootAsRole/tree/develop/tests/capable) directory and a script to reproduce the issue/and or fix the problem. Note: Community Vagrant images may create more issues than they solve. For example, I never managed to make capable work on ArchLinux images, but my development machine is an ArchLinux.
+Finally, if you want that capable works on your OS, you can 1) open an issue on the [GitHub repository](http://github.com/LeChatP/RootAsRole), 2) create a Vagrantfile in [test/capable/](https://github.com/LeChatP/RootAsRole/tree/develop/tests/capable) directory and a script to reproduce the issue/and or fix the problem. Note: Community Vagrant images may create more issues than they solve. For example, I never managed to make capable work on ArchLinux images, but my development machine is an ArchLinux.
+
+## Why capable do not show expected capabilities ?
+
+Many reasons can explain that capable does not show expected capabilities. Here are some of them:
+
+1. You access to files that matches with ACLs, so you do not need any capabilities to access to restricted files. This case is better than granting CAP_DAC_OVERRIDE to the program.
+1. The program exit before the capabilities are requested. In this case, you may consider granting the blocking capability to the program.
+1. The program checks uid == 0. In this case, you may consider to change to root user. capable may misbehave when working as the root user. I am still investigating this issue.

book/src/references.bib

@@ -104,3 +104,66 @@ @article{ferraioloProposedNISTStandard2001
 	langid = {english},
 	file = {Ferraiolo et al_2001_Proposed NIST standard for role-based access control.pdf:/home/ebilloir/Zotero/storage/U5ID298G/Ferraiolo et al_2001_Proposed NIST standard for role-based access control.pdf:application/pdf},
 }
+
+
+@inproceedings{billoirImplementingPrincipleLeast2023,
+	address = {Montreal, QC, Canada},
+	title = {Implementing the {Principle} of {Least} {Privilege} {Using} {Linux} {Capabilities}: {Challenges} and {Perspectives}},
+	isbn = {9798350342871},
+	shorttitle = {Implementing the {Principle} of {Least} {Privilege} {Using} {Linux} {Capabilities}},
+	url = {https://ieeexplore.ieee.org/document/10339753/},
+	doi = {10.1109/CSNet59123.2023.10339753},
+	abstract = {Historically and by default, Linux does not respect the principle of least privilege because it grants all the privileges to administrators to execute their tasks. With the new personal data protection or export control regulations, the principle of least privilege is mandatory and must be applied even for system administrators. The Linux operating system since version 2.2 divides the privileges associated with the superuser into distinct units called capabilities. Linux capabilities allow coarse-grained access control to restricted system features. The “RootAsRole” project is introduced as a solution for delegating administrative tasks while matching the necessary capabilities. However, limitations in user experience and the mapping of Linux capabilities pose significant obstacles. This paper proposes enhancements to achieving a balance between usability and the principle of least privilege, emphasizing the need for precise capability definitions. Future work involves enhancing the RootAsRole access control model and addressing the need for a comprehensive administration access control framework for managing Linux capabilities effectively.},
+	urldate = {2023-12-21},
+	booktitle = {2023 7th {Cyber} {Security} in {Networking} {Conference} ({CSNet})},
+	publisher = {IEEE},
+	author = {Billoir, Eddie and Laborde, Romain and Wazan, Ahmad Samer and Rütschlé, Yves and Benzekri, Abdelmalek},
+	month = {oct},
+	year = {2023},
+	pages = {130--136},
+}
+
+
+@article{billoirImplementingPrincipleLeast2024,
+	title = {Implementing the principle of least administrative privilege on operating systems: challenges and perspectives},
+	issn = {1958-9395},
+	shorttitle = {Implementing the principle of least administrative privilege on operating systems},
+	url = {https://doi.org/10.1007/s12243-024-01033-5},
+	doi = {10.1007/s12243-024-01033-5},
+	abstract = {With the new personal data protection or export control regulations, the principle of least privilege is mandatory and must be applied even for system administrators. This article explores the different approaches implemented by the main operating systems (namely Linux, Windows, FreeBSD, and Solaris) to control the privileges of system administrators in order to enforce the principle of least privilege. We define a set of requirements to manage these privileges properly, striving to balance adherence to the principle of least privilege and usability. We also present a deep analysis of each administrative privilege system based on these requirements and exhibit their benefits and limitations. This evaluation also covers the efficiency of the currently available solutions to assess the difficulty of performing administrative privileges management tasks. Following the results, the article presents the RootAsRole project, which aims to simplify Linux privilege management. We describe the new features introduced by the project and the difficulties we faced. This concrete experience allows us to highlight research challenges.},
+	language = {en},
+	urldate = {2024-07-03},
+	journal = {Annals of Telecommunications},
+	author = {Billoir, Eddie and Laborde, Romain and Wazan, Ahmad Samer and Rütschlé, Yves and Benzekri, Abdelmalek},
+	month = {may},
+	year = {2024},
+	keywords = {Access control, Administrative privileges, FreeBSD, Linux, Operating system, Principle of least privilege, Solaris, Windows},
+}
+
+
+@article{wazanRootAsRoleSecurityModule2022,
+	title = {{RootAsRole}: a security module to manage the administrative privileges for {Linux}},
+	issn = {0167-4048},
+	url = {https://www.sciencedirect.com/science/article/pii/S0167404822003753},
+	doi = {https://doi.org/10.1016/j.cose.2022.102983},
+	abstract = {Today, Linux users use sudo/su commands to attribute Linux's administrative privileges to their programs. These commands always give the whole list of administrative privileges to Linux programs, unless there are pre-installed default policies defined by Linux Security Modules(LSM). LSM modules require users to inject the needed privileges into the memory of the process and to declare the needed privileges in an LSM policy. This approach can work for users who have good knowledge of the syntax of LSM modules’ policies. Adding or editing an existing policy is a very time-consuming process because LSM modules require adding a complete list of traditional permissions as well as administrative privileges. We propose a new Linux module called RootAsRole that is dedicated to the management of administrative privileges. RootAsRole is not proposed to replace LSM modules but to be used as a complementary module to manage Linux administrative privileges. RootAsRole allows Linux administrators to define a set of roles that contain the administrative privileges and restrict their usage to a set of users/groups and programs. Finally, we conduct an empirical performance study to compare RootAsRole tools with sudo/su commands to show that the overhead added by our module remains acceptable.},
+	journal = {Computers \& Security},
+	author = {Wazan, Ahmad Samer and Chadwick, David W. and Venant, Remi and Billoir, Eddie and Laborde, Romain and Ahmad, Liza and Kaiiali, Mustafa},
+	year = {2022},
+	keywords = {Access control, Linux capabilities, Privilege escalation, Sudo/su},
+	pages = {102983},
+}
+
+
+@inproceedings{wazanRootAsRoleSecureAlternative2021,
+	address = {Cham},
+	title = {{RootAsRole}: {Towards} a {Secure} {Alternative} to sudo/su {Commands} for {Home} {Users} and {SME} {Administrators}},
+	isbn = {978-3-030-78120-0},
+	abstract = {The typical way to run an administrative task on Linux is to execute it in the context of a super user. This breaks the principle of least privilege on access control. Other solutions, such as SELinux and AppArmor, are available but complex to use. In this paper, a new Linux module, named RootAsRole, is proposed to allow users to fine-grained control the privileges they grant to Linux commands as capabilities. It adopts a role-based access control (RBAC) [14], in which administrators can define a set of roles and the capabilities that are assigned to them. Administrators can then define the rules controlling what roles users or groups can assign to themselves. Each time a Linux user wants to execute a program that necessitates one or more capabilities, (s)he should assign the role to him/herself that contains the needed capabilities, providing there is a rule that allows it. A pilot implementation on Linux systems is illustrated in detail.},
+	booktitle = {{ICT} {Systems} {Security} and {Privacy} {Protection}},
+	publisher = {Springer International Publishing},
+	author = {Wazan, Ahmad Samer and Chadwick, David W. and Venant, Remi and Laborde, Romain and Benzekri, Abdelmalek},
+	year = {2021},
+	pages = {196--209},
+}
+