Integrating security in a large distributed system
ACM Transactions on Computer Systems (TOCS)
Specifying discretionary access control policy for distributed systems
Computer Communications - Special issue: Network management
A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
Role-Based Access Control Models
Computer
ActiveX controls inside out (2nd ed.)
ActiveX controls inside out (2nd ed.)
Inside distributed COM
Administering NDS (corporate ed.)
Administering NDS (corporate ed.)
A lattice model of secure information flow
Communications of the ACM
Communications of the ACM
Active Directory Services for Microsoft Windows 2000
Active Directory Services for Microsoft Windows 2000
Providing Secure Environments for Untrusted Network Applications
WET-ICE '97 Proceedings of the 6th Workshop on Enabling Technologies on Infrastructure for Collaborative Enterprises
Integrating Flexible Support for Security Policies into the Linux Operating System
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Secure Applications Need Flexible Operating Systems
HOTOS '97 Proceedings of the 6th Workshop on Hot Topics in Operating Systems (HotOS-VI)
Solaris Operating Environment Administrator's Guide
Solaris Operating Environment Administrator's Guide
MAPbox: using parameterized behavior classes to confine untrusted applications
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
WindowBox: a simple security model for the connected desktop
WSS'00 Proceedings of the 4th conference on USENIX Windows Systems Symposium - Volume 4
TRON: process-specific file protection for the UNIX operating system
TCON'95 Proceedings of the USENIX 1995 Technical Conference Proceedings
A secure environment for untrusted helper applications confining the Wily Hacker
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Confining root programs with domain and type enforcement (DTE)
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Access control with IBM Tivoli access manager
ACM Transactions on Information and System Security (TISSEC)
The tees confidentiality model: an authorisation model for identities and roles
Proceedings of the eighth ACM symposium on Access control models and technologies
Policy management using access control spaces
ACM Transactions on Information and System Security (TISSEC)
Firmato: A novel firewall management toolkit
ACM Transactions on Computer Systems (TOCS)
Timed constraint programming: a declarative approach to usage control
PPDP '05 Proceedings of the 7th ACM SIGPLAN international conference on Principles and practice of declarative programming
Access control in a world of software diversity
HOTOS'05 Proceedings of the 10th conference on Hot Topics in Operating Systems - Volume 10
A Monte Carlo framework to evaluate context based security policies in pervasive mobile environments
MobiDE '07 Proceedings of the 6th ACM international workshop on Data engineering for wireless and mobile access
Authorizing applications in singularity
Proceedings of the 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems 2007
Decentralized access control in distributed file systems
ACM Computing Surveys (CSUR)
Describing access control models as design patterns using roles
Proceedings of the 2006 conference on Pattern languages of programs
Proceedings of the 3rd ACM workshop on Assurable and usable security configuration
An authorization scheme for version control systems
Proceedings of the 16th ACM symposium on Access control models and technologies
| Hi-index | 0.00 |
This article presents the mechanisms in Windows 2000 that enable fine-grained and centrally managed access control for both operating system components and applications. These features were added during the transition from Windows NT 4.0 to support the Active Directory, a new feature in Windows 2000, and to protect computers connected to the Internet. While the access control mechanisms in Windows NT are suitable for file systems and applications with simple requirements, they fall short of the needs of applications with complex data objects. Our goal was to use operating system access control mechanisms to protect a large object hierarchy with many types of objects, each with many data properties. We also wanted to reduce the exposure of users to untrustworthy or exploited programs.We introduced three extensions to support these goals. First, we extended the entries in access control lists to provide an unlimited number of access rights for a single object and to allow grouping those rights for efficiency. Second, we extended the entries to specify precisely how access control lists are assigned to each distinct type of object, instead of treating all types identically. Finally, we extended the data structure identifying users' identity to the operating system to allow users to restrict the set of objects a program may access. These changes allow a single access control mechanism to be used to protect both system and application resources, as well as protect users from each other and users from their programs, simplifying both program development and system management.