Improving the granularity of access control in Windows NT

Authors:
Michael M. Swift;Peter Brundrett;Cliff Van Dyke;Praerit Garg;Anne Hopkins;Shannon Chan;Mario Goertzel;Gregory Jensenworth
Affiliations:
Microsoft Corp., Redmond, WA;Microsoft Corp., Redmond, WA;Microsoft Corp., Redmond, WA;Microsoft Corp., Redmond, WA;Microsoft Corp., Redmond, WA;Microsoft Corp., Redmond, WA;Microsoft Corp., Redmond, WA;Microsoft Corp., Redmond, WA
Venue:
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Year:
2001

Citing 11
Cited 4

A calculus for access control in distributed systems

ACM Transactions on Programming Languages and Systems (TOPLAS)
Role-Based Access Control Models

Computer
A lattice model of secure information flow

Communications of the ACM
The UNIX time-sharing system

Communications of the ACM
Microsoft Windows 2000 Driver Development Kit

Microsoft Windows 2000 Driver Development Kit
Providing Secure Environments for Untrusted Network Applications

WET-ICE '97 Proceedings of the 6th Workshop on Enabling Technologies on Infrastructure for Collaborative Enterprises
Secure Applications Need Flexible Operating Systems

HOTOS '97 Proceedings of the 6th Workshop on Hot Topics in Operating Systems (HotOS-VI)
WindowBox: a simple security model for the connected desktop

WSS'00 Proceedings of the 4th conference on USENIX Windows Systems Symposium - Volume 4
TRON: process-specific file protection for the UNIX operating system

TCON'95 Proceedings of the USENIX 1995 Technical Conference Proceedings
A secure environment for untrusted helper applications confining the Wily Hacker

SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Confining root programs with domain and type enforcement (DTE)

SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6

Scale and performance in the Denali isolation kernel

ACM SIGOPS Operating Systems Review - OSDI '02: Proceedings of the 5th symposium on Operating systems design and implementation
Scale and performance in the Denali isolation kernel

OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
An authorization scheme for version control systems

Proceedings of the 16th ACM symposium on Access control models and technologies
Formalising and validating RBAC-to-XACML translation using lightweight formal methods

ABZ'10 Proceedings of the Second international conference on Abstract State Machines, Alloy, B and Z

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents the access control mechanisms in Windows 2000 that enable fine-grained protection and centralized management. These mechanisms were added during the transition from Windows NT 4.0 to support the Active Directory, a new feature in Windows 2000. We first extended entries in access control lists to allow rights to apply to just a portion of an object. The second extension allows centralized management of object hierarchies by specifying more precisely how access control lists are inherited. The final extension allows users to limit the rights of executing programs by restricting the set of objects they may access. These changes have the combined effect of allowing centralized management of access control while precisely specifying which accesses are granted to which programs.