Operation system access is very important to make sure the system utilities are secured and all privileged access will be monitored from time to time. Operation system access need to alert all the events and trigger red flag if any suspicious activities occur which is accessing sensitive resources with logging and monitoring user or program. Besides that, operating system need to be update with latest patch to make sure the system is secured from time to time. Operation system access also need to take care of any connectivity between devices and the system itself to prevent any security threats that can manage the system itself either logical or physical.
There are a few of access controls in operation system are matrix, ACL (Access Control List), capabilities and multi- level securities (MLS). There are two common assumptions about the access control are system already knows who is the user access the operation system and the user access requests pass through the gatekeeper. The system can determine the user through the username and password during authentication process or using other info. The gatekeeper will determine if user eligible to access the resources.
There are two implementation concepts in access control matrix are access control list (ACL) and capability. The capability which is each resource will be hold by the user allowed by the system itself. Image below shows that each resource belongs to column and each user belong to row.
Role (also called as group) is a set of users such as administrator, power user, user or guest. Permission which is authorization or right to the resources. Each role has their own permissions to access the system resources which they can or can’t. Like example, administrator has the power to access all the resources because the role is the top level of access control hierarchy. Compare to guest, the guest role has insufficient permissions to access specific resources. Below is a sample of role hierarchy in operation system. The role hierarchy shows that if the user has right r, and r>s, then user has right s. If user has read access to directory, user has read access to every file in directory. But there are cons in access control which complex mechanisms require complex input, difficult to configure and other organizing ideas try to simplify problem.
- Operating System Access. (n.d.). Retrieved from http://ithandbook.ffiec.gov/it-booklets/information-security/security-controls-implementation/access-control-/operating-system-access.aspx
- Access Control and Operating System Security. (n.d.). Retrieved from https://crypto.stanford.edu/cs155old/cs155-spring03/lecture9.pdf