Computer usage and threat models have changed drastically since the advent of access control systems in the 1960s. Instead of multiple users sharing a single file system, each user has many devices with their own storage. Thus, a user's fear has shifted away from other users' impact on the same system to the threat of malice in the software they intentionally or even inadvertently run. As a result, we propose a new vision for access control: one where individual users are isolated by default and where the access of individual user applications is carefully managed. A key question is how much user administration effort would be required if a system implementing this vision were constructed. In this paper, we outline our work on just such a system, called PinUP, which manages file access on a per-application basis for each user. We use historical data from our lab's users to explore how much user and system administration effort is required. Since administration is required for user sharing in PinUP, we find that sharing via mail and file repositories requires a modest amount of administrative effort: a system policy change every couple of days and a small number of user administrative operations a day. We are encouraged that practical administration on such a scale is possible given an appropriate and secure user approach.