Fig. 7.29. Checking access rights

In the example in the figure, a process acting on behalf of the user with ID 3 and the groups with IDs 14, 52 and 72 attempts to perform a write operation (W) on a file. The file is owned by the user with ID 17. Having received the write request, the operating system locates the security attributes of the file (on disk or in a system buffer area) and compares, one after another, all identifiers held in the ACL entries with the ID of the file's owner and with the user and group IDs of the process. In this example one of the group IDs on whose behalf the process acts, namely 52, coincides with the ID in one of the ACL entries. Since the subject with ID 52 is permitted to write (the sign W is in that entry's set of operations), the OS allows the process to perform the operation.

The general scheme just described for storing access-rights information and for the checking procedure has its own peculiarities in each operating system; these are discussed below for the UNIX and Windows NT operating systems.
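The check of Fig. 7.29, as an added example that is not part of the original text: a small Python model (not the code of any real operating system) in which a process carries the IDs it acts on behalf of, a file carries an owner ID and an ACL, and the check walks the ACL comparing each entry's ID with those of the process. The identifiers 3, 14, 52, 72 and 17 and the write permission of group 52 come from the figure; the remaining ACL entries are constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed model of the access check of Fig. 7.29. A process carries the
# user and group IDs it acts on behalf of; a file carries an owner ID and an
# access control list whose entries name a subject ID and its permitted
# operation signs (R, W, X).


@dataclass(frozen=True)
class ACE:
    subject_id: int     # user or group ID this entry applies to
    ops: frozenset      # permitted operation signs, e.g. {"R", "W"}


@dataclass
class FileSecurity:
    owner_id: int
    acl: list = field(default_factory=list)


@dataclass(frozen=True)
class Process:
    uid: int
    gids: frozenset


def check_access(proc, fsec, op):
    """Walk the ACL in order and compare each entry's ID with the process's
    user ID and group IDs. Return (allowed, id_of_matching_entry): the first
    entry whose ID matches and whose operation set contains `op` grants it."""
    ids = {proc.uid, *proc.gids}
    for ace in fsec.acl:
        if ace.subject_id in ids and op in ace.ops:
            return True, ace.subject_id
    return False, None


# The example of Fig. 7.29: user 3, member of groups 14, 52 and 72, writes (W)
# to a file owned by user 17. Only the entry for group 52 is given by the
# figure; the other two ACL entries are constructed for this example.
FIG_7_29_PROCESS = Process(uid=3, gids=frozenset({14, 52, 72}))
FIG_7_29_FILE = FileSecurity(owner_id=17, acl=[
    ACE(17, frozenset({"R", "W", "X"})),   # owner's entry (constructed)
    ACE(52, frozenset({"R", "W"})),        # group 52 may read and write
    ACE(99, frozenset({"R"})),             # unrelated group (constructed)
])

if __name__ == "__main__":
    print(check_access(FIG_7_29_PROCESS, FIG_7_29_FILE, "W"))  # (True, 52)
    print(check_access(FIG_7_29_PROCESS, FIG_7_29_FILE, "X"))  # (False, None)
```

The second call shows the other side of the same scan: the same process asking to execute the file finds no entry that both names one of its IDs and contains X, so the request is refused.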
Organization of access control in UNIX

In UNIX, access to a file or directory is defined for three kinds of subjects: the owner of the file (identified by the user ID, UID); the members of the group to which the owner belongs (identified by the group ID, GID); and all other users of the system. Since UNIX distinguishes only three operations on files and directories (read, write and execute), the security attributes of a file consist of nine flags, each stating whether one of the three operations may be performed by one of the three kinds of subjects. For example, if the owner of a file is allowed all three operations, the members of the group only reading and execution, and all other users only execution, the nine security flags of the file look as follows:

rwx r-x --x

Here r, w and x denote the read, write and execute operations respectively. It is in this form that the ls command, which lists the files of a directory, displays access-rights information. Access by the UNIX root user is always permitted, so its ID (which is 0) does not appear in access control lists.

Two identifiers are associated with each UNIX process: the ID of the user on whose behalf the process was created and the ID of the group to which that user belongs. These identifiers are called the real user ID (RUID) and the real group ID (RGID). However, when access to a file is checked, it is not these identifiers that are used but the so-called effective user ID (EUID) and effective group ID (EGID) (Fig. 7.30). The effective identifiers allow a process, in certain cases, to act as a user and a group other than those it received at birth. Initially the effective identifiers equal the real ones. When a process issues the exec system call for a file holding a program, UNIX replaces the executable code of the process. If the security attributes of that file carry the flags for changing the user and group IDs, the effective identifiers of the process change as well. A file can carry two such flags: set user ID on execution (SUID) and set group ID on execution (SGID), which cause the user and group IDs to be replaced while the file is being executed. The effective-identifier mechanism lets users obtain certain kinds of access that are not granted to them explicitly, but only by means of a strictly limited set of programs, namely those stored in files with the ID-change flags set.

An example of such a situation is shown in Fig. 7.31. Initially process A has effective user and group IDs (12 and 23 respectively) that coincide with its real ones. At some point process A requests execution of the file b.exe. The process is allowed to execute b.exe even though its effective identifiers match neither the owner nor the group of the file, because execution is permitted to all other users. File b.exe has the ID-change flags SUID and SGID set, so together with the replacement of the code the effective identifiers of the process change (to 35 and 47). Consequently, when process A subsequently attempts to write data to the file f1.doc, it is not refused, because its new effective group ID coincides with the group ID of f1.doc. Without the change of identifiers, this operation by process A would have been denied.
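The nine-flag check and the effective-ID change of Figs. 7.30 and 7.31, as an added example that is not part of the original text: a Python model (not UNIX kernel code) that classifies a process as owner, group member or other using its effective IDs, lets root through unconditionally, and switches the effective IDs on exec when the SUID/SGID bits are set. The mode bits follow the st_mode layout, so the constants of the standard stat module are used. The owner and mode of f1.doc, and the permission bits of b.exe beyond SUID/SGID, are assumptions, since the figure gives only the identifiers 12, 23, 35 and 47. As in the text, a process has a single group ID; real systems also consult supplementary groups.

```python
import stat

# Constructed model of UNIX access checks with effective IDs (Figs. 7.30, 7.31).
# Mode bits use the st_mode layout, so the constants of the stat module apply.

ROOT_UID = 0


class Inode:
    """File security attributes: owner UID, group GID and the mode bits."""

    def __init__(self, name, uid, gid, mode):
        self.name, self.uid, self.gid, self.mode = name, uid, gid, mode

    def perm_string(self):
        """The nine flags in the form shown by ls, e.g. 'rwxr-x--x'."""
        bits = (
            (stat.S_IRUSR, "r"), (stat.S_IWUSR, "w"), (stat.S_IXUSR, "x"),
            (stat.S_IRGRP, "r"), (stat.S_IWGRP, "w"), (stat.S_IXGRP, "x"),
            (stat.S_IROTH, "r"), (stat.S_IWOTH, "w"), (stat.S_IXOTH, "x"),
        )
        return "".join(ch if self.mode & bit else "-" for bit, ch in bits)


class Process:
    """A process with real and effective user/group IDs (one group, as in
    the text; real systems also consult supplementary groups)."""

    def __init__(self, ruid, rgid):
        self.ruid, self.rgid = ruid, rgid
        self.euid, self.egid = ruid, rgid      # effective IDs start equal to real

    def may(self, inode, op):
        """Check op ('r', 'w' or 'x') against the *effective* IDs. Root always
        passes; otherwise exactly one bit triple (owner, group or other) applies."""
        if self.euid == ROOT_UID:
            return True
        if self.euid == inode.uid:
            masks = {"r": stat.S_IRUSR, "w": stat.S_IWUSR, "x": stat.S_IXUSR}
        elif self.egid == inode.gid:
            masks = {"r": stat.S_IRGRP, "w": stat.S_IWGRP, "x": stat.S_IXGRP}
        else:
            masks = {"r": stat.S_IROTH, "w": stat.S_IWOTH, "x": stat.S_IXOTH}
        return bool(inode.mode & masks[op])

    def exec_file(self, inode):
        """Model of exec: execute permission is required; with SUID/SGID set on
        the file, the effective IDs become the file's owner and group."""
        if not self.may(inode, "x"):
            raise PermissionError(f"{inode.name}: execute permission denied")
        if inode.mode & stat.S_ISUID:
            self.euid = inode.uid
        if inode.mode & stat.S_ISGID:
            self.egid = inode.gid
        return self.euid, self.egid


def fig_7_31():
    """Process A (real and effective IDs 12/23) runs b.exe, a SUID+SGID file
    owned by 35/47, and then writes to f1.doc, whose group is 47.
    Returns (write allowed before exec, IDs after exec, write allowed after,
    real IDs, which stay unchanged)."""
    # Permission bits of b.exe beyond SUID/SGID, and the owner and mode of
    # f1.doc, are assumptions: the figure only gives the identifiers.
    b_exe = Inode("b.exe", 35, 47, stat.S_ISUID | stat.S_ISGID | 0o755)
    f1_doc = Inode("f1.doc", 60, 47, 0o664)    # group 47 may write, others only read
    a = Process(ruid=12, rgid=23)
    before = a.may(f1_doc, "w")                 # False: A falls under "others"
    ids = a.exec_file(b_exe)                    # (35, 47): executable for others
    after = a.may(f1_doc, "w")                  # True: effective group now 47
    return before, ids, after, (a.ruid, a.rgid)


if __name__ == "__main__":
    print(Inode("demo", 1, 1, 0o751).perm_string())   # rwxr-x--x
    print(fig_7_31())                                  # (False, (35, 47), True, (12, 23))
```

The real IDs returned last show what the mechanism does not touch: only the effective pair changes, which is why the access gained through b.exe lasts exactly as long as that program runs.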
The described mechanism has the same purpose as the conforming (subordinate) segments of the Pentium processor discussed above. Using the file as a universal model of a shared resource, UNIX applies the same access-control mechanisms to files, directories, printers, terminals and shared memory segments. Access control in UNIX was developed in the 1970s and has changed little since then. It is a simple system which in many cases lets the administrator achieve the goal of preventing unauthorized access, but sometimes that requires too many tricks, or cannot be achieved at all.

Organization of access control in Windows NT
Overview

The access control system of Windows NT is distinguished by a high degree of flexibility, which is achieved through the wide variety of subjects and objects of access and the fine granularity of the access operations. For shared resources, Windows NT uses a common object model, which includes such security attributes as the set of permitted operations, the owner ID and the access control list. Objects are created in Windows NT for any resource that is, or may become, shared: files, folders, devices, memory sections, processes. The attributes of a Windows NT object are divided into two parts: a general part, which does not depend on the object type, and an individual part, defined by the object type.

All objects are stored in a hierarchical tree structure whose elements are branch objects (directories) and leaf objects (files). For the file system this pattern of relations is a direct reflection of the hierarchy of directories and files. For other object types the hierarchy has its own meaning: for processes it reflects the parent-descendant relationship, and for devices it reflects membership of a particular device type and the connection of devices to other devices, for example of disks to a SCSI controller.

Access checks for objects of every type are performed centrally by the Security Reference Monitor, which runs in privileged mode. Centralizing the access checks increases the reliability of the operating system's security compared with a distributed implementation, in which various OS modules have their own access-checking procedures and the probability of a programmer error rises.
The Windows NT security system is characterized by a large number of predefined (built-in) subjects of access, both individual users and groups. Thus, the system always contains such users as Administrator, Guest and System, and such groups as Users, Administrators, Account Operators, Server Operators, Everyone and others. The point of the built-in users and groups is that they already hold certain rights, which makes it easier for the administrator to build an effective access control system: when adding a new user, the administrator need only decide which group or groups to include the user in. Of course, the administrator can create new groups and add rights to the built-in groups to implement their own security policy, but in many cases the built-in groups are quite sufficient.

Windows NT supports three classes of access operations, which differ in the kinds of subjects and objects involved.

Permissions are the set of operations that may be defined for subjects of all types in relation to objects of any type: files, directories, printers, memory sections and so on. In purpose they correspond to the access rights to files and directories in UNIX.

Rights (user rights) are defined for subjects of the group type and allow them to perform certain system operations: setting the system time, backing up files, shutting down the computer and so on. These operations involve a special object of access, the operating system as a whole. It is mainly rights, and not permissions, that distinguish one built-in group of users from another. Some rights of the built-in groups are themselves built in and cannot be removed from the group; other rights can be removed from (or added to) a group's general list of rights.

User abilities are defined for individual users and concern actions that shape the operating environment, such as changing the composition of the main program menu or access to the Run menu item. By reducing the set of abilities (all of which are enabled for a user by default), the administrator can "compel" the user to work with the operating environment the administrator considers most appropriate and protect it from the user's mistakes.

Rights and permissions given to a group become automatically available to its members, which lets the administrator treat a large number of users as a single accounting unit and minimize their own actions.

The checking of access permissions to an object in Windows NT largely follows the general scheme of access given in Fig. 7.29.
When a user logs on, the user receives a so-called access token, which contains the user's ID and the IDs of all groups the user belongs to. The token also holds a default access control list (ACL), consisting of permissions and applied to the objects the process creates, and a list of the user's rights to perform system actions.

All objects, including files, threads, events and even access tokens, are supplied with a security descriptor when they are created. The security descriptor contains the access control list (ACL). The owner of an object, usually the user who created it, has the right to control access to the object and may change its ACL to allow or deny access to other users. The built-in administrator of Windows NT, unlike the root user in UNIX, may be denied some permissions to an object; to make this possible, the identifiers of the administrator and of the Administrators group can be entered into an ACL like the identifiers of ordinary users. Nevertheless, the administrator does have the opportunity to perform any operation on any object, because the administrator can always take ownership of the object and then, as its owner, obtain the full set of permissions. Ownership cannot, however, be handed back to the previous owner, so that owner can always learn that the administrator has worked with their file or printer.

When some access operation on an object is requested, Windows NT always consults the Security Reference Monitor, which compares the user and group IDs from the access token with the identifiers stored in the elements of the object's ACL. Unlike UNIX, the ACL elements of Windows NT may contain both lists of permitted operations and lists of prohibited ones for a user.

The security system could check permissions every time an object is used. But an ACL consists of many elements, a process may access many objects during its lifetime, and the number of active processes at any moment is also high. Therefore the check is performed only at each opening of an object, not at each use.

To let a process temporarily change its identifiers in some situations, Windows NT implements the impersonation mechanism. Windows NT distinguishes simple subjects and server subjects. A simple subject is a process which is not permitted to change its access token and hence its identifiers. A server subject is a process that works as a server and services the processes of its clients (for example, a file server). Such a process is therefore allowed to obtain the access token of a client that asks the server to perform some action, and to use it for access to objects.
Windows NT has clearly defined rules for assigning an ACL to a newly created object. If the creating code explicitly specifies all the access rights to the new object, that ACL is placed in the object's security attributes. If the creating code does not supply an ACL and the object is named, the principle of inheritance applies: the security system scans the ACL of the directory in which the name of the new object is placed. Some entries in the directory's ACL may be marked as inheritable, which means that they may be assigned to new objects created in that directory. If the process did not explicitly request an ACL for the object and the directory object has no inheritable ACL entries, the ACL becomes the default ACL from the process's access token. Inheritance of permissions is the case used most often when a new object is created. It is particularly effective when files are created, since that is the most frequently performed operation.

Permissions for access to directories and files
In Windows NT the administrator can manage user access to directories and files only on partitions formatted with the NTFS file system. FAT partitions are not supported by the Windows NT security facilities, because the file and directory attributes of FAT cannot store access control lists. Access to directories and files is controlled by setting permissions. Permissions in Windows NT are of two kinds, individual and standard. Individual permissions correspond to elementary operations on directories and files; a standard permission is a combination of several individual ones. The following table lists the six individual permissions (elementary operations), with their meaning for directories and for files.

For files Windows NT 4 defines four standard permissions: No Access, Read, Change and Full Control, which combine the individual permissions as listed in the following table. Full Control differs from Change in that it also grants the right to change permissions (Change Permission) and to take ownership of the file (Take Ownership).

For directories Windows NT defines seven standard permissions: No Access, List, Read, Add, Add & Read, Change and Full Control. The following table shows which individual permissions make up each standard permission for directories, as well as the individual permissions a file created in the directory receives when it inherits them. When a file is created it inherits permissions from its directory only if the directory permission carries the inheritance flag. The standard Windows NT shell, Windows Explorer, does not allow the inheritance flag to be set for each individual permission separately (that is, it does not allow an inheritance mask); it manages inheritance on an "all or nothing" basis.
A number of rules determine how permissions act. Users can work with a file or directory only if they have been given explicit permission to do so or if they belong to a group that has such a permission. Permissions are cumulative, with the exception of No Access, which overrides all other permissions. For example, if the Engineering group has the Change permission for a file, the Finance group has only Read for that file, and Petrov is a member of both groups, then Petrov has the Change permission. But if the permission of the Finance group is changed to No Access, Petrov will be unable to use the file, despite being a member of a group that has access to it.

By default the Windows Explorer window shows the standard permissions and switches to showing individual permissions only when some explicit action is taken. This encourages administrators and users to use those sets of rights which the OS developers considered most convenient.
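The two Windows NT rule sets above, the three rules for the ACL of a newly created object and the cumulative evaluation of permissions with No Access overriding everything, as one added example that is not part of the original text and not Windows code: a Python model with individual permissions, the standard sets Read, Change and Full Control, an access token with a default ACL, and a security descriptor holding the ACL. The letter codes R, W, X, D, P and O for the individual permissions and the make-up of the standard sets are assumptions taken from NT 4 usage, since the page's tables are not reproduced; the owner name Ivanov and the directory contents are constructed. The Petrov scenario is the one the text gives.

```python
from dataclasses import dataclass, field

# Constructed model of Windows NT 4 file permissions: individual and standard
# permissions, the three rules for the ACL of a new object, and the cumulative
# evaluation in which No Access overrides everything else.

# Individual permissions. The letter codes R (read), W (write), X (execute),
# D (delete), P (change permissions) and O (take ownership), and the make-up
# of the standard sets, are assumptions taken from NT 4 usage; the page's
# own tables are not reproduced here.
STANDARD = {
    "Read": frozenset("RX"),
    "Change": frozenset("RWXD"),
    "Full Control": frozenset("RWXDPO"),   # Change plus P and O
}


@dataclass(frozen=True)
class ACE:
    trustee: str                      # user or group name
    allowed: frozenset = frozenset()  # individual permissions granted
    no_access: bool = False           # the No Access permission
    inherit: bool = False             # may pass to objects created in this directory


@dataclass
class Token:
    """Access token: the user, the user's groups and the default ACL that the
    security system falls back on for newly created objects."""
    user: str
    groups: frozenset
    default_acl: list = field(default_factory=list)


@dataclass
class SecurityDescriptor:
    owner: str
    acl: list


def standard_ace(trustee, name, inherit=False):
    """Build an ACL entry from a standard permission name."""
    if name == "No Access":
        return ACE(trustee, no_access=True, inherit=inherit)
    return ACE(trustee, STANDARD[name], inherit=inherit)


def acl_for_new_object(token, explicit_acl=None, parent=None):
    """The three rules in the order the text gives them: an ACL supplied by the
    creating code; otherwise the inheritable entries of the directory holding
    the new name; otherwise the default ACL of the creator's token."""
    if explicit_acl is not None:
        return list(explicit_acl)
    if parent is not None:
        inherited = [ace for ace in parent.acl if ace.inherit]
        if inherited:
            return inherited
    return list(token.default_acl)


def effective_permissions(token, sd):
    """Permissions accumulate over every entry naming the user or one of the
    user's groups; a matching No Access entry cancels all of them."""
    ids = {token.user, *token.groups}
    granted = set()
    for ace in sd.acl:
        if ace.trustee not in ids:
            continue
        if ace.no_access:
            return frozenset()
        granted |= ace.allowed
    return frozenset(granted)


def petrov_example():
    """Engineering has Change, Finance has Read, Petrov belongs to both; then
    Finance is switched to No Access. The owner name is constructed."""
    petrov = Token("Petrov", frozenset({"Engineering", "Finance"}))
    sd = SecurityDescriptor("Ivanov", [standard_ace("Engineering", "Change"),
                                       standard_ace("Finance", "Read")])
    cumulative = effective_permissions(petrov, sd)       # == STANDARD["Change"]
    sd.acl[1] = standard_ace("Finance", "No Access")
    after_no_access = effective_permissions(petrov, sd)  # == frozenset()
    return cumulative, after_no_access


def inheritance_example():
    """Trustees of a new file's ACL under each of the three rules."""
    creator = Token("Petrov", frozenset({"Engineering"}),
                    default_acl=[standard_ace("Petrov", "Full Control")])
    directory = SecurityDescriptor("Petrov", [
        standard_ace("Engineering", "Change", inherit=True),
        standard_ace("Finance", "Read"),               # not marked inheritable
    ])
    explicit = acl_for_new_object(creator, [standard_ace("Everyone", "Read")], directory)
    inherited = acl_for_new_object(creator, parent=directory)
    defaulted = acl_for_new_object(creator, parent=SecurityDescriptor("Petrov", []))
    return ([a.trustee for a in explicit], [a.trustee for a in inherited],
            [a.trustee for a in defaulted])


if __name__ == "__main__":
    print(petrov_example())        # (frozenset({'R', 'W', 'X', 'D'}), frozenset())
    print(inheritance_example())   # (['Everyone'], ['Engineering'], ['Petrov'])
```

The evaluation deliberately returns the empty set as soon as a matching No Access entry is met, rather than subtracting it from what was accumulated, which is what "overrides all other permissions" means in the text; the order of the other entries does not matter because they are simply unioned.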