
Discussion on Minimizing File Access Privilege

Bibliographic Details
Main Authors: Ning, Jing-xuan, He, Hong-jun, Luo, Li, Li, Peng, Dong, Li-ming
Format: Conference Proceeding
Language: English
Description
Summary: Least privilege is a basic principle to be conformed to when designing computer systems. For file access control, the paper decomposes least privilege into user least privilege and program least privilege. User least privilege is a set of files with the corresponding access modes with which the user can access the files, and program least privilege is a set of files with the corresponding access modes with which the program can access the files. The paper discusses the security properties of program least privilege in detail, and points out that the security risk of a system is dynamic, and the user must be responsible for security, because the user's operations affect the risk of the system directly. Once a system satisfies program least privilege, it will be immune against most file attacks. Furthermore, granularity of privilege and security limitations are discussed, which are relevant to program least privilege.
DOI: 10.1109/MMIT.2008.162