Operating Systems and Access Control
Access control has several aspects that, alongside other features, help administrators maintain system security. In this paper I will describe one such aspect, the Access Control List (ACL). It can be defined as a list of permissions, or allowed access rights, that users hold on certain objects (Ellen, 2000). Each entry in the list specifies which processes or users can have access to specific objects, and what operations can be performed on the objects (Mitchell, n.d.).
Two types of ACL are commonly distinguished: the Discretionary Access Control List (DACL) and the System Access Control List (SACL). The DACL identifies the users and system processes that are allowed or denied access to a certain securable object. If an object does not have a DACL, everyone is free to access it. If the DACL exists but contains no entries, no one can access the object. The SACL allows administrators to log attempts to access a certain secured object (“Access Control Lists,” 2011). Every entry of such a list specifies the type of access attempts and makes the system record them in the security event log.
Thus, it is very convenient and effective to use ACLs for security purposes. In particular, servers can use security descriptors to control access to private objects. In a simple model, a server can create a single descriptor to establish access control over the server’s overall functionality and data (“ACL-based Access Control,” 2011; Clarkson, n.d.). In a more complex case, when flexibility is required, servers can create separate descriptors for all the private objects.
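The DACL and SACL behaviour described above can be made concrete with a small model. This is an added example, not code from the cited sources: a simplified Python simulation in which the right bits, the names (`Ace`, `check_access`, `access_object`) and the sample users and groups are all constructed. It goes slightly beyond the text by evaluating entries in list order, as Windows does, and it ignores owner rights, privileges and inheritance.

```python
from dataclasses import dataclass

# Constructed right bits for the model; these are not Windows access-mask values.
READ, WRITE = 0x1, 0x2

@dataclass(frozen=True)
class Ace:
    kind: str                 # "allow" / "deny" in a DACL, "audit" in a SACL
    trustee: str              # user or group name (constructed)
    mask: int                 # rights the entry covers
    on_success: bool = False  # audit entries only: log granted attempts
    on_failure: bool = False  # audit entries only: log refused attempts

def check_access(dacl, principals, desired):
    """True if every right in `desired` is granted to a caller holding `principals`."""
    if dacl is None:                      # object has no DACL: everyone gets access
        return True
    remaining = desired
    for ace in dacl:                      # an empty DACL never enters the loop
        if ace.trustee not in principals:
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False                  # a still-needed right is explicitly denied
        if ace.kind == "allow":
            remaining &= ~ace.mask
            if remaining == 0:
                return True               # all requested rights collected
    return False                          # nothing (or not enough) was granted

def access_object(obj, principals, desired, event_log):
    """Run the DACL check, then record the attempt if a SACL entry asks for it."""
    granted = check_access(obj["dacl"], principals, desired)
    for ace in obj.get("sacl") or []:
        if ace.trustee in principals and ace.mask & desired:
            if (granted and ace.on_success) or (not granted and ace.on_failure):
                event_log.append((ace.trustee, desired, "granted" if granted else "denied"))
    return granted

# Constructed sample object: the deny entry is placed before the allow entry.
REPORT = {
    "dacl": [Ace("deny", "contractors", WRITE), Ace("allow", "staff", READ | WRITE)],
    "sacl": [Ace("audit", "contractors", WRITE, on_failure=True)],
}
ALICE = {"alice", "staff"}
BOB = {"bob", "staff", "contractors"}
```

Passing `None` as the DACL models an object without one, while `[]` models a DACL with no entries; the two give opposite results, which is why an object created without a DACL deserves a second look during review.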
References
Access Control Lists. (2011). Retrieved from http://msdn.microsoft.com/en-us/library/windows/desktop/aa374872(v=vs.85).aspx
ACL-based Access Control. (2011). Retrieved from http://msdn.microsoft.com/en-us/library/windows/desktop/aa374933(v=vs.85).aspx
Clarkson, M. (n.d.). Access Control. Retrieved from http://www.cs.cornell.edu/courses/cs513/2007fa/NL.accessControl.html
Ellen, N. (2000). Access control list. Retrieved from http://searchsoftwarequality.techtarget.com/definition/access-control-list
Mitchell, J. (n.d.). Access Control and Operating System Security. Retrieved from http://crypto.stanford.edu/cs155old/cs155-spring03/lecture9.pdf