DocumentCode
2150753
Title
Discussion on Minimizing File Access Privilege
Author
Ning Jing-xuan ; He Hong-jun ; Luo Li ; Li, Luo ; Dong Li-ming
Author_Institution
Sch. of Comput. Sci., Nat. Univ. of Defense Technol., Changsha
fYear
2008
fDate
30-31 Dec. 2008
Firstpage
801
Lastpage
804
Abstract
Least privilege is a basic principle to be conformed to when designing computer systems. For file access control, the paper decomposes least privilege into user least privilege and program least privilege. User least privilege is a set of files with the corresponding access modes with which the user can access each file, and program least privilege is a set of files with the corresponding access modes with which the program can access each file. The paper discusses the security properties of program least privilege in detail, and points out that the security risk of a system is dynamic, and that the user must be responsible for security, because the user's operations affect the risk of the system directly. Once a system satisfies program least privilege, it will be immune against most file attacks. Furthermore, granularity of privilege and security limitations are discussed, which are relevant to program least privilege.
Keywords
authorisation; file organisation; computer system design; file access control; file access privilege; program least privilege; security property; user least privilege; Access control; Computer errors; Computer science; Error correction; File servers; File systems; Information security; Microcomputers; National security; Power system security; access control; program least privilege; user least privilege;
fLanguage
English
Publisher
ieee
Conference_Titel
MultiMedia and Information Technology, 2008. MMIT '08. International Conference on
Conference_Location
Three Gorges
Print_ISBN
978-0-7695-3556-2
Type
conf
DOI
10.1109/MMIT.2008.162
Filename
5089244