Michael M. Swift
ABSTRACT
This paper presents the access control mechanisms in Windows 2000 that enable fine-grained protection and centralized management. These mechanisms were added during the transition from Windows NT 4.0 to support the Active Directory, a new feature in Windows 2000. We first extended entries in access control lists to allow rights to apply to just a portion of an object. The second extension allows centralized management of object hierarchies by specifying more precisely how access control lists are inherited. The final extension allows users to limit the rights of executing programs by restricting the set of objects they may access. These changes have the combined effect of allowing centralized management of access control while precisely specifying which accesses are granted to which programs.
- 1.M. Abadi, M. Burrows, B. Lampson, and G. Plotkin, A Calculus for Access Control in Distributed Systems. ACM Transactions on Programming Languages and Systems, 15(4):706--734, Oct. 1993.]] Google Scholar
Digital Library
- 2.D. Balfanz, and D. Simon, WindowBox: A Simple Security Model for the Connected Desktop. In Proceedings of the 4th USENIX Windows Systems Symposium, Aug. 2000.]] Google ScholarDigital Library
- 3.D. Bell and L. LaPadula, Secure Computer System: Unified Exposition and the Multics Interpretation. Technical Report No. ESD-TR-75-306, Electronics Systems Division,AFSC, Manscom AF Base, Bedford, MA, 1976.]]Google ScholarCross Ref
- 4.A. Berman, V. Bourassa, and E. Selberg, TRON: Processspecific file protection for the UNIX operating system. In Proceedings of the 1995 USENIX Winter Technical Conference, pages 165-175. Jan. 1995.]] Google ScholarDigital Library
- 5.B. Callaghan, B. Pawloski and P. Staubach, NFS Version 3 Protocol Specification. Request for Comments RFC 1813, Internet Engineering Task Force, Jun. 1995.]] Google ScholarDigital Library
- 6.Computer Emergency Response Team, CERT Advisory CA-2000- 16 Microsoft 'IE Script'/Access/OBJECT Tag Vulnerability. http://www.cert.org/advisories/CA-2000-16.html, Aug. 2000.]]Google Scholar
- 7.G. Clemm, A. Hopkins, E. Sedlar and J. Whitehead, WebDAV Access Control Protocol. Internet draft draft-ietf-webdav-acl- 04, Intnernet Engineering Task Force, Jan. 2001.]]Google Scholar
- 8.D. Denning, A Lattice Model of Secure Information Flow. Communications of the ACM, 19(5), pages 236-243, Aug. 1976.]] Google ScholarDigital Library
- 9.T. Dierks and C. Allen, The TLS Protocol. Request for Comments RFC 2246, Internet Engineering Task Force, Jan. 1999.]]Google Scholar
- 10.I. Goldberg, D. Wagner, R. Thomas, and E. A. Brewer. A Secure Environment for Untrusted Helper Applications --- Confining the Wily Hacker. In Proceedings of the 1996 USENIX Security Symposium.]] Google ScholarDigital Library
- 11.J. Kohl and B. C. Neuman. The Kerberos Network Authentication Service (V5). Request for Comments (Proposed Standard) RFC 1510, Internet Engineering Task Force, Sep. 1993.]] Google ScholarDigital Library
- 12.J. Kohl, B. C. Neuman, and T. Y. T'so. The Evolution of the Kerberos Authentication System. In Distributed Open Systems, pages 78-94. IEEE Computer Society Press, 1994]]Google Scholar
- 13.P. J. Leach and R. Salz, UUIDs and GUIDs. Internet Draft draft-leach-uuids-guids-01.txt. Internet Engineering Task Force, Feb. 1998.]]Google Scholar
- 14.J. Linn, Generic Security Service API, Request For Comments RFC 1508, Internet Engineering Task Force, Sep. 1993.]]Google Scholar
- 15.D. Mackey and R. Salz, DCE ACL Library - Functional Specification, OSF DCE SIG Request For Comments 46.0, Oct. 1993.]]Google Scholar
- 16.D. Mazieres and M. F. Kaashoek, Secure Applications Need Flexible Operating Systems. In Proceedings of the 6 th Workshop on Hot Topics in Operating Systems, May 1997.]] Google ScholarDigital Library
- 17.Microsoft Corp., Windows 2000 Active Directory, http://www.microsoft.com/widows2000/guide/server/features/ directory.asp, 2000.]]Google Scholar
- 18.Microsoft Knowledge Base, Large Numbers of ACEs in ACLs Impair Directory Service Performance, http://support.microsoft.com/support/kb/articles/q271/8/76.asp, 2000.]]Google Scholar
- 19.Microsoft Corp., Distributed Component Object Model. http://www.microsoft.com/com/tech/dcom.asp, 1998.]]Google Scholar
- 20.Microsoft Corp., ActiveX Controls, http://microsoft.com/ com/tech/activex.asp, 1999.]]Google Scholar
- 21.Novell Inc., NDS 8. http://www.novell.com/documentation/ lg/nds8/docui/index.html, 1999.]]Google Scholar
- 22.D. Ritchie, and K. Thompson, The UNIX Timesharing System. Communications of the ACM, 17(7), pages 365-375, Jul. 1974.]] Google ScholarDigital Library
- 23.J. Saltzer and M. Schroeder. The Protection of Information in Computer Systems. In Proceedings of the IEEE 63(9), pages 1278-1308, Sep. 1975.]]Google Scholar
- 24.R. Sandhu, E. Coyne, H. Feinstein, and C. Youman. Role- Based Access Control Models. IEEE Computer, 29(2) pages 38- 47, Feb. 1996.]] Google ScholarDigital Library
- 25.M. Swift, J. Trostle, J. Brezak and B. Gossman, Kerberos Set/Change Password: Version 2, Internet Draft draft-ietf-catkerberos-set-passwd-03 Internet Engineering Task Force, Apr. 2000.]]Google Scholar
- 26.K. Walker, D. Sterne, M. Badger, M. Petkac, D. Shermann, and K. Oostendorp, Confining Root Programs with Domain and Type Enforcement (DTE). In Proceedings of the 6 th USENIX Security Symposium, Jul. 1996.]] Google ScholarDigital Library
- 27.Q. Zhong, Providing Secure Environments for Untrusted Network Applications. In Proceedings of the 2 nd IEEE International Workshop on Enterprise Security, Jun. 1997.]] Google ScholarDigital Library
Index Terms
- Improving the granularity of access control in Windows NT
Recommendations
Improving the granularity of access control for Windows 2000
This article presents the mechanisms in Windows 2000 that enable fine-grained and centrally managed access control for both operating system components and applications. These features were added during the transition from Windows NT 4.0 to support the ...
A System for Centralized ABAC Policy Administration and Local ABAC Policy Decision and Enforcement in Host Systems using Access Control Lists
ABAC'18: Proceedings of the Third ACM Workshop on Attribute-Based Access ControlWe describe a method that centrally manages Attribute-Based Access Control (ABAC) policies and locally computes and enforces decisions regarding those policies for protection of resource repositories in host systems using their native Access Control ...
Configuring role-based access control to enforce mandatory and discretionary access control policies
Access control models have traditionally included mandatory access control (or lattice-based access control) and discretionary access control. Subsequently, role-based access control has been introduced, along with claims that its mechanisms are general ...
Comments