OPPapers.com

Access Control Lists

Introduction -
This report will look at various access control methods used by Operating Systems (OS) to control user access to files on a computer and what they can do once they have gained access. In this first section I will look at methods such as Access Control Lists(ACL’s), Capabilities and Encrypting file systems(EFS) and which Operating Systems use these as well as the advantages and disadvantages they have over each other. The second part of my report will focus on one OS and explain in detail the methods it uses to control file access and how it works.


Section A - Review of File Access Control mechanisms.

Access Control Lists -
Access Control Lists are used by OS’s such as Windows and UNIX. An ACL is a table that informs the OS of each users access rights to an object within the system, the object could be a program, a single file or a folder. Although ACL’s do the same task in a similar way, the different OS’s each have a different way of carrying it out.
With UNIX systems, including the older ones, at least one user would have access to all areas of the system, the idea of this being so that they control the systems for other users and grant or deny them access to various objects. By doing this, UNIX implies that the administrator should have the most control and other users have fewer privileges to reduce security breaches or damage. UNIX’s method of an ACL is the domain; this consists of pairs of objects and rights. The pair, called a tuple, names the object and what operations can be carried out on it. An object in a domain has up to three rights of access; read, write and execute. An object can be part of a number of domains, if it is, then it can have different rights in each domain that it is a part of. In UNIX, the domain has User and Group ID’s (UID, GID) that defines the protection of that domain. Different combinations of UID and GID’s on different objects allow it to be possible that a list of objects and its rights can...