Access Control and Operating Systems
Lab Overview. The objective of the exercises
presented here is to familiarize the students with the access control
features available in the Microsoft Windows, UNIX-based and Solaris
systems, and to induce the student to analyze the similarities and
differences in the access control in different operating systems.
This lab is used in
to Computer Security IS2150/TELECOM2810.
- A PC with Microsoft Windows 2000 installed on it.
- A PC with Linux installed on it.
- A PC with Solaris 8 (or above) installed on it.
Microsoft Windows. Access control refers to the ability
of a user to access a particular object and possibly modify it. In terms
of operating systems, access control refers to the ability of a user to
read, write or execute a certain file or folder. In this lab, you
shall study the access control framework for Microsoft Windows and
UNIX-based platforms, by taking Microsoft Windows 2000 and Linux as
The Microsoft Windows 2000/XP/2003 series of OSs introduced access
control for files, directories and devices. Before you can
understand how access control for these operating systems work you
much understand how objects are arranged on them.
The Active Directory service was introduced in the NT family of
operating systems as a means of arranging all users, devices and objects
at a centralized location and allowing these networked entities to find
each other through this service. Entities are known as objects and they
are arranged into a hierarchical structure known as the logical
structure by the administrators. A collection of objects that share the
same security policies is known as a domain (a container object) and
multiple domains can be arranged hierarchically into a tree. A forest is
a complete instance of the Active Directory that consists of a set of
Figure 1: Active Directory domains that trust each other through a
two-way transitive trust. This arrangement of objects into logical
structures enables easy management of the objects and allows for more
flexible access control. The place Active Directory has in the network
is shown in Figure 1.
Access token. Every entity, which can be users, groups, domains,
or processes has a Security
Identifier (SID) uniquely associated with it. The SID is very similar to
the UID in UNIX. Objects that
have some operations associated with them descriptor
and to which access must be controlled are
called securable objects. Securable objects have security descriptors
associated with them that consist of DACLs that describe which users or
groups have what access Access request: write
rights over them, SACLs that describe how auditing is done and the SID
of the owner of Figure 2: Example of Access Request the object. Every
time an object is created, a security descriptor can be assigned to it,
but if it is not assigned, it will inherit it from its parent object. A
security context is associated with every process (or user) which
describes which groups it belongs to, what privileges it has and what
accounts are associated with it. The security context is maintained in
an access token. ACLs for an object contain the SID of the intended
trustee and an access mask for the various access rights. When access is
requested, the access token of the accessing object, is checked with the
security descriptor of the accessed object, to see if the access should
be permitted or not. An example is given in figure 2.
security, to protect sensitive data, the Encrypted File System (EFS) was
introduced in the NT families. The EFS allows users to encrypt objects
created by them so that no other object can access them. The encryption
is done using an EFS certificate that the user gets and multiple users
can be added to allow access, with the help of their EFS certificates.