Title :
Discussion on Minimizing File Access Privilege
Author :
Ning Jing-xuan ; He Hong-jun ; Luo Li ; Li, Luo ; Dong Li-ming
Author_Institution :
Sch. of Comput. Sci., Nat. Univ. of Defense Technol., Changsha
Abstract :
Least privilege is a basic principle to be conformed to when design computer systems. For file access control, the paper decomposes least privilege as user least privilege and program least privilege. User least privilege is a set of file with the corresponding access mode with which the user can access the file, and program least privilege is a set of file with the corresponding access mode with which the program can access the file. The paper discusses security properties of program least privilege in detail, and points out that the security risk of system is dynamic, and the user must be responsible for security, because that user´s operations affect risk of system directly. Once a system satisfies program least privilege, it will be immune against most file attacks. Further more, granularity of privilege and security limitations are discussed, which are relevant to program least privilege.
Keywords :
authorisation; file organisation; computer system design; file access control; file access privilege; program least privilege; security property; user least privilege; Access control; Computer errors; Computer science; Error correction; File servers; File systems; Information security; Microcomputers; National security; Power system security; access control; program least previlege; user least previlege;
Conference_Titel :
MultiMedia and Information Technology, 2008. MMIT '08. International Conference on
Conference_Location :
Three Gorges
Print_ISBN :
978-0-7695-3556-2
DOI :
10.1109/MMIT.2008.162
