As of the start of this blog, I am in my second course for my Masters of Science in Cybersecurity. This is an archived posting from the first course.
Topic - Operating Systems and Access Control
Discuss one aspect of access control (e.g., file access rights, privileges, ACL, etc.) in ensuring operating system security.
From March 23, 2012.
According to Vacca, access control lists (ACLs) provide access to certain resources and can be used for both physical and electronic access. "Implementing ACLs prevents end users from being able to access sensitive company information and helps them perform the jobs better by not giving them access to information that can act as a distraction" (Vacca, 2009, p. 257).
The Microsoft Windows operating systems use ACLs to protect securable objects such as files, directories, and registry keys. An ACL is a list of access control entries (ACEs), each of which identifies a trustee "and specifies the access rights allowed, denied, or audited for that trustee" (Microsoft, 2012). Windows actually uses two separate lists per object: a discretionary access control list (DACL) and a system access control list (SACL). The first controls who may access an object, and the second logs attempts to access it (Microsoft, 2012).
Whenever access to a securable object is attempted, the process accessing it is compared against the ACEs in the DACL. If there is no DACL associated with the object, everyone is granted access. When there is a DACL with no entries, everyone is denied access. Otherwise, the process is granted access if and only if there is no ACE denying it access and there is an ACE granting it.
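The DACL check described above can be modeled in a few lines of Python. This is an added example, not code from Microsoft or from the original post; the right bits, trustee names, and ACE lists are constructed for illustration. It goes one step beyond the text by walking the entries in order, which shows that the rule above holds when deny entries come before allow entries and that the same entries in the opposite order give a different answer.

```python
from dataclasses import dataclass
from typing import List, Optional, Set

# Access-right bits constructed for this model (not real Windows mask values).
READ, WRITE = 0x1, 0x2

@dataclass(frozen=True)
class Ace:
    kind: str      # "allow" or "deny"
    trustee: str   # stand-in for a SID: a user or group name
    mask: int      # rights this entry covers

def access_check(dacl: Optional[List[Ace]], token: Set[str], desired: int) -> bool:
    """Walk the DACL in order until the request is fully granted or denied."""
    if dacl is None:
        return True                    # no DACL at all: everyone is granted access
    remaining = desired                # rights still waiting for an allow entry
    for ace in dacl:
        if ace.trustee not in token:
            continue                   # entry names a trustee the caller is not
        if ace.kind == "deny" and ace.mask & remaining:
            return False               # a right still needed is denied
        if ace.kind == "allow":
            remaining &= ~ace.mask
            if remaining == 0:
                return True            # every requested right has been granted
    return False                       # empty DACL, or rights left ungranted

# Constructed sample: alice is a member of Staff and of Contractors.
ALICE = {"alice", "Staff", "Contractors"}
CANONICAL = [Ace("deny", "Contractors", WRITE), Ace("allow", "Staff", READ | WRITE)]
REORDERED = list(reversed(CANONICAL))  # same entries, allow placed first

if __name__ == "__main__":
    for name, dacl in [("no DACL", None), ("empty DACL", []),
                       ("deny first", CANONICAL), ("allow first", REORDERED)]:
        for label, want in [("read", READ), ("write", WRITE)]:
            print(f"{name:12} {label:5} -> {access_check(dacl, ALICE, want)}")
```

When auditing permissions, a missing DACL and an empty DACL are therefore opposite conditions, and a deny entry placed after a matching allow entry does not protect the object.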
Each ACE in the SACL for the object "specifies the types of access attempts by a specified trustee that cause the system to generate a record in the security event log. An ACE in a SACL can generate audit records when an access attempt fails, when it succeeds, or both" (Microsoft, 2012).
Microsoft. (2012). Access Control Lists. Retrieved from http://msdn.microsoft.com/en-us/library/windows/desktop/aa374872%28v=vs.85%29.aspx
Vacca, J. R. (2009). Computer and Information Security Handbook. Burlington, MA: Morgan Kaufmann.