Trust In Cyberspace

Appendix G

Some Operating System Security Examples
MS-DOS is an operating system designed to operate on single-user personal computers. As a consequence, it provides no identification and authentication mechanisms and neither discretionary nor mandatory access control mechanisms. Any user has access to all resources on the system. Any access control is provided solely by controlling physical access to the computer itself. If the computer is electronically connected to any other computer, no access control is possible.
UNIX is a multi-user operating system originally designed by Ken Thompson and Dennis Ritchie of Bell Laboratories. User identification is supported by password-based authentication. User IDs are associated with processes. UNIX provides a modified version of access control lists for files. For each file, three fields of access permissions are established, one for the file owner, one for the group in which the owner resides, and one for others (or everyone else). In each access field, permission to read, write, and execute the file is granted by the owner. For example, a file with access permissions rw-/rw-/r-- provides the owner read/write access, the owner's group read/write access, and all others only read access to the file. UNIX provides another feature that affects access controls. Each program can have the "setuid" attribute set; if set, the program runs with the access rights of the owner of the program, rather than those of the program's invoker. Thus, for practical purposes, the program's invoker can establish an effective identity other than his or her own that is to be used when determining access permissions.
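The owner/group/other check and the setuid effect described above, as an added Python model (not code from the book). It assumes a constructed file and subject layout; the superuser bypass that real UNIX applies to uid 0 is deliberately left out so the three-field rule itself is visible.

```python
"""
Simplified model of UNIX discretionary access control: a 9-character mode
string (e.g. "rw-rw-r--") is split into owner/group/other fields, exactly one
field is selected for a given subject, and a setuid program changes the
effective uid used for that selection. Added example; not from the book.
"""
from dataclasses import dataclass
from typing import FrozenSet, Tuple


@dataclass(frozen=True)
class Subject:
    uid: int
    gids: FrozenSet[int]  # every group the subject belongs to


@dataclass(frozen=True)
class File:
    owner_uid: int
    group_gid: int
    mode: str  # "rwxr-xr-x" style; 's' or 'S' in the owner x slot marks setuid


def parse_mode(mode: str) -> Tuple[Tuple[FrozenSet[str], ...], bool]:
    """Return ((owner, group, other) permission sets, setuid flag)."""
    if len(mode) != 9:
        raise ValueError("mode must be exactly 9 characters, e.g. 'rw-r--r--'")
    fields = []
    setuid = False
    for i in range(3):
        chunk = mode[3 * i:3 * i + 3]
        perms = set()
        for ch, flag in zip(chunk, "rwx"):
            if ch == flag:
                perms.add(flag)
            elif ch in "sS" and flag == "x" and i == 0:
                setuid = True           # 's' = setuid + execute, 'S' = setuid without execute
                if ch == "s":
                    perms.add("x")
            elif ch != "-":
                raise ValueError(f"unsupported mode character {ch!r} in {mode!r}")
        fields.append(frozenset(perms))
    return tuple(fields), setuid


def permitted(subject: Subject, f: File, access: str) -> bool:
    """UNIX consults exactly one field: owner if uid matches, else group, else other."""
    if access not in ("r", "w", "x"):
        raise ValueError("access must be one of 'r', 'w', 'x'")
    (owner, group, other), _ = parse_mode(f.mode)
    if subject.uid == f.owner_uid:
        field = owner
    elif f.group_gid in subject.gids:
        field = group
    else:
        field = other
    return access in field


def effective_subject(invoker: Subject, program: File) -> Subject:
    """Invoking a setuid program yields a process whose uid is the program owner's."""
    _, setuid = parse_mode(program.mode)
    if setuid:
        return Subject(uid=program.owner_uid, gids=invoker.gids)
    return invoker


# Constructed sample data (hypothetical uids, gids and files).
ALICE = Subject(uid=1001, gids=frozenset({1001, 50}))
SHARED_DOC = File(owner_uid=1002, group_gid=50, mode="rw-rw-r--")  # the book's rw-/rw-/r-- case
SECRET = File(owner_uid=0, group_gid=0, mode="rw-------")
PASSWD_PROG = File(owner_uid=0, group_gid=0, mode="rwsr-xr-x")   # setuid-root program


def demo() -> dict:
    """Show the group field being selected, then the setuid identity switch."""
    as_root = effective_subject(ALICE, PASSWD_PROG)
    return {
        "alice_writes_shared": permitted(ALICE, SHARED_DOC, "w"),   # group field: rw- -> True
        "alice_reads_secret": permitted(ALICE, SECRET, "r"),        # other field: --- -> False
        "via_setuid_reads_secret": permitted(as_root, SECRET, "r"), # owner field: rw- -> True
        "effective_uid": as_root.uid,
    }


if __name__ == "__main__":
    print(demo())
```

The point the model makes explicit is that the field selection is exclusive: a subject in the file's group but not its owner never falls through to the "others" field, and a setuid program changes which field is selected rather than granting any extra bits.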
Microsoft's Windows NT operating system is designed for workstations and servers. User identity is authenticated using passwords. Every active subject in the system has an associated token that includes a unique identifier, a list of group identifiers, and a set of privileges that allows a subject to override restrictions set by the system. Every named object (e.g., files, directories, drivers, devices, and registry keys) in the system has an associated access control list (ACL). ACLs can ascribe generic rights (e.g., read, write, and delete) and specific rights that have semantics only for a specific class of objects. Mediation decisions are made by the Security Reference Monitor based upon the token of the subject, the ACL of the object, and the requested access right. There is provision in the system for "impersonation," that is, using authorization of another subject.

Finally, various products have been designed to provide access control mechanisms as add-ons for specific operating systems, to augment the basic operating system facilities. For example, RACF, ACF2, and Top Secret are all products designed for use with IBM's MVS (which has almost no intrinsic security).
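The token/ACL mediation and impersonation described above, as an added Python model (not code from the book and not Windows NT's actual algorithm). Subject identifiers, group names, privilege names, the class-specific right and the override table are all constructed for illustration.

```python
"""
Simplified reference-monitor model in the style of the Windows NT description:
a subject token (identifier, groups, privileges) is checked against an
object's ACL for a requested right. Privileges override ACL restrictions;
class-specific rights are only meaningful for their object class; a server
process may impersonate a client by using the client's token. Added example;
not the book's code and not the real NT implementation.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional


@dataclass(frozen=True)
class Token:
    sid: str                    # unique subject identifier (constructed values below)
    groups: FrozenSet[str]
    privileges: FrozenSet[str]


GENERIC_RIGHTS = frozenset({"read", "write", "delete"})


@dataclass(frozen=True)
class SecuredObject:
    obj_class: str
    acl: Dict[str, FrozenSet[str]]      # trustee sid -> rights that trustee is granted
    specific_rights: FrozenSet[str]     # rights with semantics only for this class


# Constructed privilege table: each privilege overrides the ACL for listed rights.
PRIVILEGE_OVERRIDES: Dict[str, FrozenSet[str]] = {
    "backup_override": frozenset({"read"}),
    "restore_override": frozenset({"write"}),
}


@dataclass
class Process:
    primary: Token
    impersonation: Optional[Token] = None

    def current_token(self) -> Token:
        """While impersonating, access checks use the client's token."""
        return self.impersonation if self.impersonation is not None else self.primary


def reference_monitor(token: Token, obj: SecuredObject, right: str) -> bool:
    """Decide from (token, ACL, requested right); True means access is granted."""
    if right not in GENERIC_RIGHTS and right not in obj.specific_rights:
        raise ValueError(f"right {right!r} has no meaning for class {obj.obj_class!r}")
    # A privilege in the token can override whatever the ACL says.
    for priv in token.privileges:
        if right in PRIVILEGE_OVERRIDES.get(priv, frozenset()):
            return True
    # Otherwise the right must be granted to the subject or to one of its groups.
    for trustee in {token.sid} | token.groups:
        if right in obj.acl.get(trustee, frozenset()):
            return True
    return False


def check(proc: Process, obj: SecuredObject, right: str) -> bool:
    """Mediate on behalf of a process, honouring any impersonation in effect."""
    return reference_monitor(proc.current_token(), obj, right)


# Constructed sample subjects and objects.
CLIENT = Token(sid="S-client", groups=frozenset({"G-staff"}), privileges=frozenset())
SERVER = Token(sid="S-server", groups=frozenset({"G-services"}),
               privileges=frozenset({"backup_override"}))
REPORT = SecuredObject(
    obj_class="file",
    acl={"G-staff": frozenset({"read"}), "S-owner": frozenset({"read", "write", "delete"})},
    specific_rights=frozenset(),
)
CONFIG_KEY = SecuredObject(
    obj_class="registry_key",
    acl={"G-services": frozenset({"read", "enumerate_subkeys"})},
    specific_rights=frozenset({"enumerate_subkeys"}),
)


def demo() -> dict:
    """Privilege override, group-based grant, and impersonation narrowing a server."""
    svc = Process(primary=SERVER)
    results = {
        "server_reads_report_via_privilege": check(svc, REPORT, "read"),   # not in ACL; backup_override
        "server_writes_report": check(svc, REPORT, "write"),               # no grant, no override
        "server_enumerates_key": check(svc, CONFIG_KEY, "enumerate_subkeys"),
    }
    svc.impersonation = CLIENT   # server now acts with the client's authorization
    results["impersonating_reads_report"] = check(svc, REPORT, "read")    # via G-staff
    results["impersonating_enumerates_key"] = check(svc, CONFIG_KEY, "enumerate_subkeys")
    svc.impersonation = None
    return results


if __name__ == "__main__":
    print(demo())
```

Two things worth noticing in the model: the privilege check happens before the ACL is consulted, which is why privileges are the part of the token that warrants the most scrutiny in a design review, and impersonation can reduce a server's effective rights as well as change them, so a server that drops the impersonation token too early (or too late) mediates the wrong requests against the wrong subject.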