confossmy history

Upload: mosc2010

Post on 30-May-2018


  • 8/9/2019 Confossmy History

    1/24

    There and back

    again

    A history of access control systems

    Malaysia Open Source Software Conference, 2010

    Sam Moffatt

  • About Me

    Sam Moffatt

    [ pasamio ]

    Development Co-ordinator, Joomla!
    Systems Co-ordinator, USQ
    Master of Computing Student, USQ

    @Joomla: Joomla! Installer and Update Systems
    @USQ: ePrints, VUFind

    Master of Computing, topic: Access control in semantic information systems

  • Access Control

    Access Control?

  • Access Control

  • MULTICS

    What's a MULTICS?

  • MULTICS

  • MULTICS

  • MULTICS

    Hardware protection

    AND

    Software protection

  • MULTICS

  • MULTICS Hardware Protection

  • MULTICS Software Protection

    UNIX Access Controls

  • MULTICS Software Protection

    Mandatory access control

  • DoD Orange Book

  • DoD Orange Book

    DoD Orange Book was the standard for system security

    Written by NCSC which was directed by a former MULTICS developer

    Orange Book had a distinct MULTICS feel to its design

    Classified computer security from D (minimal protection), C (discretionary protection), B (mandatory protection) and A (verified protection)

  • DoD Orange Book

    MULTICS was rated at B2

    Windows NT achieved C1

  • Windows NT

  • Windows NT

    Introduced discretionary access control to Windows:

      The ability to grant access to files

      Inheritance for permissions

    Windows 2000 adds the ability to explicitly deny access

  • Windows NT

    Windows defined three classes of permissions:

      General permissions
        Read, Write, Execute

      Standard Permissions
        Synchronise, Write DAC, Write Owner, Read Control, Delete

      Specific Permissions
        Dependent on the individual type (e.g. file/folder)

  • Windows NT

  • File system security family tree

  • Windows NT

    Windows' security model has heavily influenced:

      POSIX ACL

      NFSv4 ACLs

      ZFS

      HFS

  • Conclusion

    Q&A

  • Q&A

    Questions and Answers

  • Slides

    These slides available on conf.oss.my

    Also available on USQ ePrints: http://eprints.usq.edu.au/8331

    My other papers/presentations:

    http://eprints.usq.edu.au/profile/404
