Improving the granularity of access control in Windows NT

Proceedings of Sixth ACM Symposium on Access Control Models and Technologies (SACMAT 2001)

Volumn , Issue , 2001, Pages 87-96

  Swift, Michael M ^a,b   Brundrett, Peter ^a   Van Dyke, Cliff ^a   Garg, Praerit ^a   Hopkins, Anne ^a   Chan, Shannon ^a   Goertzel, Mario ^a   Jensenworth, Gregory ^a  

^a MICROSOFT   (United States)

^b UNIVERSITY OF WASHINGTON   (United States)

Author keywords

Access Control Lists; Windows 2000

Indexed keywords

COMPUTER OPERATING SYSTEMS; DATA STRUCTURES; DATABASE SYSTEMS; ELECTRONIC MAIL;

ACCESS CONTROL LISTS;

SECURITY OF DATA;

EID: 0035791551     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/373256.373271     Document Type: Conference Paper

References (27)

1. M. Abadi, M. Burrows, B. Lampson, and G. Plotkin, A Calculus for Access Control in Distributed Systems. ACM Transactions on Programming Languages and Systems, 15(4):706-734, Oct. 1993.
2. D. Balfanz, and D. Simon, WindowBox: A Simple Security Model for the Connected Desktop. In Proceedings of the 4th USENIX Windows Systems Symposium, Aug. 2000.
3. D. Bell and L. LaPadula, Secure Computer System: Unified Exposition and the Multics Interpretation. Technical Report No. ESD-TR-75-306, Electronics Systems Division,AFSC, Manscom AF Base, Bedford, MA, 1976.
4. A. Berman, V. Bourassa, and E. Selberg, TRON: Process-specific file protection for the UNIX operating system. In Proceedings of the 1995 USENIX Winter Technical Conferences pages 165-175. Jan. 1995.
5. B. Callaghan, B. Pawloski and P. Staubach, NFS Version 3 Protocol Specification. Request for Comments RFC 1813, Internet Engineering Task Force, Jun. 1995.
6. Computer Emergency Response Team, CERT Advisory CA-2000-16 Microsoft 'IE Script'/Access/OBJECT Tag Vulnerability, http://www.cert.org/advisories/CA-2000-16.html, Aug. 2000.
7. G. Clemm, A. Hopkins, E. Sedlar and J. Whitehead, WebDAV Access Control Protocol. Internet draft draft-ietf-webdav-acl-04, Intnernet Engineering Task Force, Jan. 2001.
8. D. Denning, A Lattice Model of Secure Information Flow. Communications of the ACM, 19(5), pages 236-243, Aug. 1976.
9. T. Dierks and C. Allen, The TLS Protocol. Request for Comments RFC 2246, Interact Engineering Task Force, Jan. 1999.
10. I. Goldberg, D. Wagner, R. Thomas, and E. A. Brewer. A Secure Environment for Untrusted Helper Applications - Confining the Wily Hacker. In Proceedings of the 1996 USENIX Security Symposium.
11. J. Kohl and B. C. Neuman. The Kerberos Network Authentication Service (V5). Request for Comments (Proposed Standard) RFC 1510, Internet Engineering Task Force, Sep. 1993.
12. J. Kohl, B. C. Neuman, and T. Y. T'so. The Evolution of the Kerberos Authentication System. In Distributed Open Systems, pages 78-94. IEEE Computer Society Press, 1994
13. P. J. Leach and R. Salz, UUIDs and GUIDs. Interact Draft draft-leach-uuids-guids-01.txt. Interact Engineering Task Force, Feb. 1998.
14. J. Linn, Generic Security Service API, Request For Comments RFC 1508, Interact Engineering Task Force, Sep. 1993.
15. D. Mackey and R. Salz, DCE ACL Library - Functional Specification, OSF DCE SIG Request For Comments 46.0, Oct. 1993.
16. th Workshop on Hot Topics in Operating Systems, May 1997.
17. Microsoft Corp., Windows 2000 Active Directory, http://www.microsoft.com/widows2000/guide/server/features/directory.asp, 2000.
18. Microsoft Knowledge Base, Large Numbers of ACEs in ACLs Impair Directory Service Performance, http://support.microsoft.com/support/kb/articles/q271/8/76.asp, 2000.
19. Microsoft Corp., Distributed Component Object Model. http://www.microsoft.com/com/tech/dcom.asp, 1998.
20. Microsoft Corp., ActiveX Controls, http://microsoft.com/com/tech/activex.asp, 1999.
21. Novell Inc., NDS 8. http://www.novell.com/documentation/lg/nds8/docui/index.html, 1999.
22. D. Ritchie, and K. Thompson, The UNIX Timesharing System. Communications of the ACM, 17(7), pages 365-375, Jul. 1974.
23. J. Saltzer and M. Schroeder. The Protection of Information in Computer Systems. In Proceedings of the IEEE 63(9), pages 1278-1308, Sep. 1975.
24. R. Sandhu, E. Coyne, H. Feinstein, and C. Youman. Role-Based Access Control Models. IEEE Computer, 29(2) pages 38-47, Feb. 1996.
25. M. Swift, J. Trostle, J. Brezak and B. Gossman, Kerberos Set/Change Password: Version 2, Internet Draft draft-ietf-cat-kerberos-set-passwd-03 Internet Engineering Task Force, Apr. 2000.
26. th USENIX Security Symposium, Jul. 1996.
27. nd IEEE International Workshop on Enterprise Security, Jun. 1997.