Introduction

Access control is a technique used to control who or what can access the resources in a system. It is also a collection of mechanisms that work together to protect the information assets of the enterprise from unauthorized access. Access control divides into two types: physical and logical. Physical access control focuses on the physical protection of information and assets, for example installing a gate to prevent unauthorized access. Logical access control focuses on limiting connections to computer networks, system files and data.
An access control system performs authorization, identification, authentication, access approval, and accountability of entities through login credentials including passwords, PINs, biometric scans, and physical or electronic keys. Access control is very important because it is used to enhance the security of users, buildings and assets, and it protects them from being destroyed.

For operating systems (OS), access control focuses on logical access control. The OS validates the user before allowing them to access resources. Access control is one of the key security features available on both Windows 10 and Ubuntu. In general, access control manages two aspects: file-level security and process-level security. File-level security is the permission to access resources and how the resources can be accessed, while process-level security is the user’s capability in accessing the system.

Comparison between Windows 10 Version 1803 and Ubuntu 16.04.3 LTS

Features

Windows 10 Version 1803

Windows 10 utilizes the access control list (ACL) for file-level security. In Windows 10, the ACL contains a list of entries called access control entries (ACEs). A unique security identifier (SID) is used to represent each user and group in the access control model. Each ACE in an ACL identifies the trustee through its SID and specifies the trustee's access rights and permissions.
When a security principal wishes to access a resource, its rights and permissions are examined to determine whether it is allowed to access the resource and how it can access it.

Windows 10 has two types of ACLs: the discretionary access control list (DACL) and the system access control list (SACL).

A DACL identifies the security principals that are allowed or denied access to a resource. The system checks the ACEs in the resource’s DACL when the resource is accessed to determine whether to allow access to it. If the resource does not have a DACL, the system allows full access to everyone. In the event that the resource has a DACL but no ACEs, the system denies all attempts to access the resource because the DACL does not allow any access rights. The system checks the ACEs in sequence until it finds one or more ACEs that allow all the requested access rights, or until any of the requested access rights are denied.
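The DACL rules described above can be modelled in a few lines. This is an added example, not code from the original essay or from Windows: a simplified model that ignores inheritance, owner rights and privileges, with constructed SIDs and right bits. It shows the three cases (no DACL, empty DACL, sequential ACE evaluation) and that the stored order of the ACEs changes the outcome.

```python
from dataclasses import dataclass
from typing import Optional, Sequence, Set

# Constructed right bits for this model (not the real Windows access-mask values).
READ, WRITE, DELETE = 0x1, 0x2, 0x4

@dataclass(frozen=True)
class Ace:
    kind: str   # "allow" or "deny"
    sid: str    # trustee this entry applies to
    mask: int   # rights the entry allows or denies

def check_access(dacl: Optional[Sequence[Ace]], token_sids: Set[str], desired: int) -> bool:
    """Return True when every requested right in `desired` is granted."""
    if dacl is None:
        return True               # no DACL: full access for everyone
    remaining = desired           # requested rights not yet allowed
    for ace in dacl:              # ACEs are checked in stored order
        if ace.sid not in token_sids:
            continue              # entry is for some other trustee
        if ace.kind == "deny":
            if ace.mask & remaining:
                return False      # a requested right is denied: stop
        else:
            remaining &= ~ace.mask
        if remaining == 0:
            return True           # all requested rights allowed: stop
    return False                  # empty DACL or rights left over: denied

# Constructed sample SIDs: one user and one group the user belongs to.
ALICE, STAFF = "S-1-5-21-0-0-0-1001", "S-1-5-21-0-0-0-2001"
TOKEN = {ALICE, STAFF}

DENY_FIRST = [Ace("deny", ALICE, WRITE), Ace("allow", STAFF, READ | WRITE)]
ALLOW_FIRST = list(reversed(DENY_FIRST))

if __name__ == "__main__":
    for name, dacl in [("no DACL", None), ("empty DACL", []),
                       ("deny first", DENY_FIRST), ("allow first", ALLOW_FIRST)]:
        print(f"{name:12} write -> {check_access(dacl, TOKEN, WRITE)}")
```

With the deny entry stored first the write request is refused; with the same two entries in the opposite order it is granted, which is why deny ACEs are normally kept ahead of allow ACEs.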
On the other hand, a SACL is used to log attempts to access a resource. The ACEs in a SACL specify the types of access attempts that cause the system to generate a record in the security event log. That is, if an attempt to access the resource matches an ACE in the SACL, the attempt is recorded in the security event log. An ACE in a SACL can generate audit records when an access attempt fails, when it succeeds, or both.

For process-level security, Windows has developed a technology named User Account Control (UAC). Before the introduction of UAC, Windows generally gave its users full administrative and/or privileged access, which allowed the user to access everything on the system, even the most crucial parts. Windows therefore introduced UAC to prevent this. UAC prevents modification of Windows settings by requiring administrator permission.
A normal account user is denied from making changes to Windows settings unless explicitly permitted by an administrator or signed in as an administrator.

Ubuntu 16.04.3 LTS

Ubuntu uses two technologies for file-level security: the UNIX owner-group-world permission model and ACLs. The UNIX permission model is generally preferred in Ubuntu, although ACL services are provided too.
The UNIX permission model explicitly defines the rights of the owner, group and world to access, modify and execute a given resource. The basic command ‘chmod mode filename’ is used to change the rights on a specific resource. The octal format mode is based on an octal number representing the different mode permissions, where each of the permission groups (user, group, others) has an octal value representing the read, write and execute bits. The octal mode decides which entity is allowed to perform which action on the resource. To further enhance file-level security, the sticky bit (a.k.a. restricted deletion flag) is used to make sure that a file or directory can be deleted or renamed only by the owner of the file/directory or the root user. No other user is given the privilege to delete a file created by another user.

The user may also choose to use the ACL service, which is also provided by Ubuntu. There are two (2) basic classes of ACLs in Ubuntu: minimum ACLs and extended ACLs. A minimum ACL comprises only the entries for the types owner, owning group, and other, which correspond to the conventional permission bits for files and directories.
A minimum ACL has three ACL entries; ACLs with more than three entries are called extended ACLs. Extended ACLs also contain a mask entry and may contain any number of named user and named group entries. ACLs can be configured with a basic command called setfacl. There is a prerequisite for running the command: the partition holding the file or directory on which the ACL is to be set must be mounted with ACL support.
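The following added example (not from the original essay) models the pieces described above: a chmod octal mode expanded into its three-entry minimum ACL, an extended ACL with named entries and a mask, and the sticky bit. It goes slightly beyond the text by implementing the POSIX ACL check order (owner, named user, groups, other), in which the mask caps named and group entries but not the owner. User and group names are constructed.

```python
R, W, X = 4, 2, 1      # octal permission bits
STICKY = 0o1000        # restricted deletion flag (the leading 1 in chmod 1777)

def minimum_acl(mode):
    """Expand a chmod octal mode into the three-entry minimum ACL."""
    return {"owner": (mode >> 6) & 7, "group": (mode >> 3) & 7,
            "other": mode & 7, "users": {}, "groups": {}, "mask": None}

def extend(acl, users=None, groups=None, mask=7):
    """Add named entries and a mask entry, turning it into an extended ACL."""
    return {**acl, "users": users or {}, "groups": groups or {}, "mask": mask}

def allowed(acl, want, user, user_groups, owner, owning_group):
    """First matching class decides; the mask limits named and group entries."""
    mask = 7 if acl["mask"] is None else acl["mask"]
    if user == owner:
        return (acl["owner"] & want) == want          # owner entry is not masked
    if user in acl["users"]:
        return (acl["users"][user] & mask & want) == want
    matches = [acl["group"]] if owning_group in user_groups else []
    matches += [p for g, p in acl["groups"].items() if g in user_groups]
    if matches:  # one matching group entry must carry every requested bit
        return any((p & mask & want) == want for p in matches)
    return (acl["other"] & want) == want

def may_delete(dir_mode, user, file_owner, dir_owner):
    """Assumes `user` already has write and execute permission on the directory."""
    if not dir_mode & STICKY:
        return True
    return user in ("root", file_owner, dir_owner)

# Constructed scenario: file owned by alice:staff with mode 640.
BASE = minimum_acl(0o640)
EXT = extend(BASE, users={"carol": R | W}, mask=R)   # carol rw-, mask r--

if __name__ == "__main__":
    print("bob (staff) read :", allowed(BASE, R, "bob", {"staff"}, "alice", "staff"))
    print("carol write, masked:", allowed(EXT, W, "carol", set(), "alice", "staff"))
    print("bob deletes alice's file in 1777 dir:",
          may_delete(0o1777, "bob", "alice", "root"))
```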
Meanwhile, Ubuntu uses the least-privilege approach for process-level security. Users are given the least privilege in Ubuntu. Su and sudo are the administrative accounts, which have privileged access to the system. Su and sudo are separated from the user accounts. Thus, when a user is compromised, the system is not affected, as the affected user does not have privileged access and is unable to escalate their privilege.

Strengths

By using ACLs, it is easier for the admin to check which users are able to access a given file. ACLs also scale well and work efficiently with distributed systems.

Weaknesses

Regarding weaknesses, there are a few aspects to be discussed.
First of all, Windows gives its users full access control, which means that every user has full access to the system. Without a doubt, this benefits attackers. If one of the users is infected with a virus, it is easy for the attackers to gain access to the system, as the user itself has privileged access.
Therefore, giving users full access control is not a good idea.

Furthermore, the ACL itself has some weaknesses. Complexity is one of them. In an ACL environment, it is easy to answer the question “which users have access to this object?”, but it is difficult to determine all the privileges a user holds, not just those for that object. This means it is difficult to assign, remove and modify a user's rights on all files under ACLs. One would need to search through all the ACLs, which is especially difficult in a large system with many groups and users or a system that is constantly changing. In addition, there is no centralized way to implement ACLs. Different systems have different ACL formats, which means that the ACL is platform-dependent.
Changing from one policy model to another may cause trouble because different systems have different ACL formats. Another drawback of ACLs is the lack of expressiveness in the number of operations one can specify, since an ACL just extends the traditional read/write/execute permissions so that one can specify more users than just the owner and more groups than just the file’s primary group.

Justification on different platforms

For Windows, permission can be granted by the resource owner and by anyone who is authorized to grant permissions, namely the administrators. Normally, all users are allowed to access all files; the permission is implicitly granted unless manually changed to deny. This is insecure because everyone can access all the files.
There are some sensitive and confidential files that should not be accessed, read or modified by certain users; however, with the implicit allow permission, they are able to access the files. Therefore, the admin should always remember to set the ACLs to explicitly deny unauthorized users access to confidential files.

In Ubuntu, however, file access permission is implicitly denied by default unless manually changed to explicitly allow.
Except for the superuser (a.k.a. the root user), who is able to access all files, users can only access certain files. In order to access all files, users have to use sudo or su to log in as the root user. Compared to Windows, Ubuntu is more secure because normal users are not allowed to access sensitive or confidential files to begin with. They are not authorized to access, read, or write certain files unless the ACLs are set to grant permission.
Selection between these two platforms

In file-level security, both Windows 10 and Ubuntu use ACL technology, but Ubuntu users generally use the UNIX system-group-world permission model. The UNIX model does specify the rights and permissions of a security principal; however, these permission sets have limitations. For example, different permissions cannot be configured for different users. The ACL, on the other hand, provides better file security by enabling one to define file permissions on a “per-user/per-group” basis.
Although the ACL increases complexity because system admins are unable to fully understand the model, it gives the system admin the capability to define file permissions on a “per-user/per-group” basis. ACLs also make it possible for a file to be owned by several groups, instead of a single group as in the classic Unix permission scheme. They also have higher priority than standard Unix permissions and override them in case of conflict. Since Ubuntu does provide ACL services, we cannot say which OS has the better solution, as it depends on which technology the user chooses to use.

In process-level security, Ubuntu has a better solution compared to Windows.
Ubuntu relies heavily on the su and sudo tools to delegate authority, and normal users are given the least privilege, while users in Windows are given full access to the system instead of being controlled. Although Windows 10 has UAC in place to prevent users from modifying system settings, it is simply not enough.

Conclusion

Both OSes provide great solutions for access control. The technology provided has to be utilized in order to have a secure environment. The choice made by the user is critical; thus users need to educate themselves and constantly keep up to date on the latest technology and how it works. Only with knowledge can one know what is best to protect oneself.