Discussion on Minimizing File Access Privilege

Bibliographic details
Main authors: Ning, Jing-xuan; He, Hong-jun; Luo, Li; Li, Peng; Dong, Li-ming
Format: Conference proceedings
Language: eng
Description
Summary: Least privilege is a basic principle to be conformed to when designing computer systems. For file access control, the paper decomposes least privilege into user least privilege and program least privilege. User least privilege is a set of files, each with the corresponding access mode with which the user can access the file, and program least privilege is a set of files, each with the corresponding access mode with which the program can access the file. The paper discusses security properties of program least privilege in detail, and points out that the security risk of a system is dynamic, and the user must be responsible for security, because the user's operations affect the risk of the system directly. Once a system satisfies program least privilege, it will be immune against most file attacks. Furthermore, granularity of privilege and security limitations are discussed, which are relevant to program least privilege.
DOI:10.1109/MMIT.2008.162