In a Unix filesystem, access to files and directories is controlled by permissions: each has an owner, a group and everyone else (world), with separate read, write and execute rights for each. This works well for disk-based operating systems. A rogue process would have to be explicitly run by a particular user to gain access to a particular file; a system configuration file, for example, requires root access.
Windows is generally less secure because file permissions are not set in the same way (NT and XP have made some concessions towards re-implementing this).
My intention is to extend this, with reference to my previous post, to an environment where data is held within the structure of the program. There is no file system in this situation, so access would need to be checked at runtime within the context of a thread (similar to processes being run by a particular user).
It could be checked on each function call; I hardly need to say that this would have a *bit* of an overhead. Either we accept the processor hit, or we loosen the security somehow: make some calls unchecked, group security around packages, or create an override. For example, if the thread has been allowed to call function X, and function X has stricter security than any function it calls, there is no need to check security again in those callees. The possibility of automating the last one is clear.
Friday, February 10, 2006