This report will look at various access control methods used by Operating Systems (OSs) to control user access to files on a computer and what users can do once they have gained access. In this first section I will look at methods such as Access Control Lists (ACLs), Capabilities and Encrypting File Systems (EFS), which Operating Systems use them, and the advantages and disadvantages they have over each other. The second part of my report will focus on one OS and explain in detail the methods it uses to control file access and how they work.
Section A - Review of File Access Control mechanisms.
Access Control Lists -
Access Control Lists are used by OSs such as Windows and UNIX. An ACL is a table that informs the OS of each user's access rights to an object within the system; the object could be a program, a single file or a folder. Although ACLs do the same task in a similar way, each OS has its own way of carrying it out.
With UNIX systems, including the older ones, at least one user has access to all areas of the system; the idea is that this user controls the system for other users and grants or denies them access to various objects. In doing so, UNIX implies that the administrator should have the most control and that other users should have fewer privileges, to reduce security breaches or damage.

UNIX's method of an ACL is the domain, which consists of pairs of objects and rights. Each pair, called a tuple, names the object and the operations that can be carried out on it. An object in a domain has up to three access rights: read, write and execute. An object can be part of a number of domains and, if it is, it can have different rights in each domain it belongs to. In UNIX, a domain is defined by User and Group IDs (UID, GID), which determine the protection of that domain. Different combinations of UID and GID on different objects make it possible to build a list of objects and their rights. If two processes have the same combination they will have the same set of objects; if they have a different combination they will have different access rights to different files (Dr. Nikolai Bezroukov, 2008).

UNIX groups allow objects to be shared with users: a list associates each user with at least one group, and the object is linked to the group. Although the idea of UNIX group administration is good, it has its problems. It does not allow nesting (groups containing other groups as members), and UNIX limits the number of groups a user or process can be connected to. UNIX's newer method of group administration is for a user to have a GUID (Group User ID).
The different versions of the Windows Operating System all have some form of ACL to control access, although the way it is implemented differs between them. Windows, like UNIX, requires an administrator to have privileged access to the whole system so that they can control what other users may access. In Windows 2000 each access control list is attached to a system object. An ACL contains a number of Access Control Entities (ACEs), each of which refers to a user or group. An access mask is a string of bits that states the access privileges for the entity. In Windows, an object can have two ACLs: a DACL, which records which users are allowed to access the object and which are denied, and a System ACL (SACL). A thread is the execution of an object; the thread itself has no ID on the system, so it uses the ID of the user or group controlling it. When the thread tries to execute a file, the OS's security subsystem checks the DACL for any entities that have something in common with the user. The system then runs through each ACE until it finds whether the user, or a group the user belongs to, should be granted or denied access to the object. In some cases however,...
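A worked model of the DACL walk described above (an added example written for this report, not from the cited source or from Windows itself): ACEs are checked in order, allow ACEs accumulate the granted bits of the requested access mask, and the first deny ACE covering a still-outstanding bit stops the check. The rights bits, the trustee names Staff and Interns, and the sample DACL are constructed for illustration.

```python
from dataclasses import dataclass

# Access mask bits (constructed for this model; real Windows masks are 32-bit).
READ, WRITE, EXECUTE = 0b001, 0b010, 0b100


@dataclass(frozen=True)
class ACE:
    """One Access Control Entry: allow or deny a mask of rights to a trustee."""
    kind: str      # "allow" or "deny"
    trustee: str   # a user or group name
    mask: int


@dataclass(frozen=True)
class Token:
    """The identity a thread runs under: the user plus the groups it belongs to."""
    user: str
    groups: frozenset


def access_check(dacl, token, requested):
    """Walk the DACL in order and decide whether `requested` bits are granted.

    Returns True once allow ACEs have covered every requested bit, False as soon
    as a deny ACE for the user or one of their groups refuses a bit still
    outstanding. A missing DACL (None) grants everything; an empty one nothing.
    """
    if dacl is None:
        return True
    identities = token.groups | {token.user}
    granted = 0
    for ace in dacl:
        if ace.trustee not in identities:
            continue                      # ACE is about someone else
        remaining = requested & ~granted  # bits not yet allowed
        if ace.kind == "deny" and ace.mask & remaining:
            return False                  # refuses a bit we still need
        if ace.kind == "allow":
            granted |= ace.mask & requested
            if granted == requested:      # everything asked for is allowed
                return True
    return granted == requested           # end of list: unmet bits are denied


# Constructed sample: ACE order decides the outcome for Interns, whose
# deny-WRITE entry precedes their allow-READ|WRITE entry.
SAMPLE_DACL = [
    ACE("allow", "Staff", READ),
    ACE("deny", "Interns", WRITE),
    ACE("allow", "Interns", READ | WRITE),
]

if __name__ == "__main__":
    print(access_check(SAMPLE_DACL, Token("alice", frozenset({"Staff"})), READ))   # True
    print(access_check(SAMPLE_DACL, Token("bob", frozenset({"Interns"})), WRITE))  # False
```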