Access Control and Operating Systems

Lab Overview.  The objective of the exercises presented here is to familiarize the students with the access control features available in the Microsoft Windows, UNIX-based and Solaris systems, and to induce the student to analyze the similarities and differences in the access control in different operating systems.  This lab is used in Introduction to Computer Security IS2150/TELECOM2810

Required Equipment/Software.   

  • A PC with Microsoft Windows 2000 installed on it.
  • A PC with Linux installed on it.
  • A PC with Solaris 8 (or above) installed on it.

Microsoft Windows.  Access control refers to the ability of a user to access a particular object and possibly modify it. In terms of operating systems, access control refers to the ability of a user to read, write or execute a certain file or folder. In this lab, you  shall study the access control framework for Microsoft Windows and UNIX-based platforms, by taking Microsoft Windows 2000 and Linux as respective examples.

The Microsoft Windows 2000/XP/2003 series of OSs introduced access control for files, directories and devices.  Before you can understand how access control  for these operating systems work you much understand how objects are arranged on them.  The Active Directory service was introduced in the NT family of operating systems as a means of arranging all users, devices and objects at a centralized location and allowing these networked entities to find each other through this service.  Entities are known as objects and they are arranged into a hierarchical structure known as the logical structure by the administrators. A collection of objects that share the same security policies is known as a domain (a container object) and multiple domains can be arranged hierarchically into a tree. A forest is a complete instance of the Active Directory that consists of a set of Figure 1: Active Directory domains that trust each other through a two-way transitive trust. This arrangement of objects into logical structures enables easy management of the objects and allows for more flexible access control. The place Active Directory has in the network is shown in Figure 1.

Figure 1

Access token.  Every entity, which can be users, groups, domains, or processes has a Security Identifier (SID) uniquely associated with it. The SID is very similar to the UID in UNIX. Objects that have some operations associated with them descriptor and to which access must be controlled are called securable objects. Securable objects have security descriptors associated with them that consist of DACLs that describe which users or groups have what access Access request: write Action: denied rights over them, SACLs that describe how auditing is done and the SID of the owner of Figure 2: Example of Access Request the object. Every time an object is created, a security descriptor can be assigned to it, but if it is not assigned, it will inherit it from its parent object. A security context is associated with every process (or user) which describes which groups it belongs to, what privileges it has and what accounts are associated with it. The security context is maintained in an access token. ACLs for an object contain the SID of the intended trustee and an access mask for the various access rights. When access is requested, the access token of the accessing object, is checked with the security descriptor of the accessed object, to see if the access should be permitted or not. An example is given in figure 2.

Figure 2

For added security, to protect sensitive data, the Encrypted File System (EFS) was introduced in the NT families. The EFS allows users to encrypt objects created by them so that no other object can access them. The encryption is done using an EFS certificate that the user gets and multiple users can be added to allow access, with the help of their EFS certificates.