[ Search ] [ What's New? ] [ About ]
[ Bugs ] [ Misc ] [ Mailing Lists ] [ Newgroups ] [ NewsWire ] [ Papers ] [ People ]
[ Pictures ] [ Publications ] [ Responce Teams ] [ Tools ] [ Upcoming Events ] [ Web Sites ]

Access Control

Title: A Guide To Understanding Discretionary Access Control In Trusted Systems
Authors: National Computer Security Center
Abstract:
This publication, "A Guide to Understanding Discretionary Access Control In Trusted Systems," is issued by the National Computer Security Center (NCSC) under the authority of and in accordance with Department of Defense (DoD) Directive 5215.1, "Computer Security Evaluation Center." The guidelines defined in this document are intended to be used by computer hardware and software designers who are building systems with the intent of meeting the requirements of the Department of Defense Trusted Computer System Evaluation Criteria, DoD 5200.28-STD.

Title: The Operator Shell: A Means Of Privilege Distribution In Unix
Authors: Michael Neuman Gary Christoph
Abstract:
The Operator Shell (Osh) is a setuid root, security enhanced, restricted shell for providing fine-grain distribution of system privileges for a wide range of usages and requirements. Osh offers a marked improvement over other Unix privilege distribution systems in its ability to specify access to both commands and files, auditing features, and familiar interface. This paper describes the design, features, security considerations, internals, and applications of the Operator Shell.

Title: Proxy-Based Authorization and Accounting for Distributed Systems
Authors: B. Clifford Neuman
Abstract:
Despite recent widespread interest in the secure authentication of principals across computer networks there has been considerably less discussion of distributed mechanisms to support authorization and accounting. By generalizing the authentication model to support restricted proxies, both authorization and accounting can be easily supported. This paper presents the proxy model for authorization and shows how the model can be used to support a wide range of authorization and accounting mechanisms. The proxy model strikes a balance between access-control-list and capability-based mechanisms allowing each to be used where appropiate and allowing their use in conbination. The paper describes how restricted proxies can be supported using existing authetication methods.


Aleph One / aleph1@underground.org
Copyright © 1996 Computer Underground Society. All rights reserved.