WINDOW ACCESS CONTROL SYSTEM: ITS DESIGN AND IMPLEMENTATION

By

Author

Presented To

Department of Computer Science

CHAPTER ONE

INTRODUCTION

1.0     Introduction

In computer security, window access control (WAC) refers to a type of access control which the operating system (OS) constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target. In practice, a subject is usually a process or thread; objects are constructs such as files, directories, TCP/UDP ports, shared memory segments, input and output devices etc. Subjects and objects each have a set of security attributes.

Whenever a subject attempts to access an object, an authorization rule enforced by the operating system kennel examines these security attributes and decides whether the access can take place. Any operation by any subject on any object will be tested against the set of authorization rules (aka policy) to determine if the operation is allowed. According to Pete Sclafani (2002), database management system, in its access control mechanism, can also apply window access control. With window access control, this security policy is centrally controlled by a security policy administrator. Users do not have the ability to override the policy to grant access to files that would otherwise be restricted. By contrast, discretionary access control (DAC), which also governs the ability of subjects to access objects, allows users the ability to make policy decisions or assign security attributes. WAC-enabled systems allow policy administrators to implement organization-wide security policies. Unlike with DAC, users cannot override or modify this policy, either accidentally or intentionally. This allows security administrators to define a central policy that is guaranteed (in principle) to be enforced for all users. According to Barkley J., (1997) MAC has been closely associated with multi-level secure (MLS) systems. The Trusted Computer System Evaluation Criteria (TCSEC), the seminal work on the subject which is often referred to as the "Orange Book", defines WAC as "a means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (i.e., clearance) of subjects to access information of such sensitivity". Early implementations of WAC such as Honeywell's SCOMP, USAF SACDIN, NSA Blacker, and Boeing's MLS LAN focused on MLS to protect military-oriented security classification levels with robust enforcement. Originally, the term WAC denoted that the access controls were not only guaranteed in principle, but in fact. Early security strategies enabled enforcement guarantees that were dependable in the face of national lab level attacks. More recently, with the advent of implementations such as SELinux (incorporated into Linux kernels, Window Integrity Control (incorporated into Windows Vista and newer), and window schemes derived from the FreeBSD WAC Framework in OS, iOS, and Junos, WAC has started to become more mainstream and is evolving out of the MLS niche. These more recent WAC implementations have recognized that the narrow TCSEC definition, focused as it was on MLS, is too specific for general use Cavale M., and McPherson D., (2003). These implementations provide more depth and flexibility than earlier MLS-focused implementations, allowing (for example) administrators to focus on issues such as network attacks and malware without the rigor or constraints of MLS systems

Theoretical Background

Many application programs demand too many privileges, more than strictly necessary to access the data on which they operate. Logical model of Windows XP access control, in a declarative but executable (Datalog) format. We have built a scanner that reads access-control configuration information from the Windows registry, file system, and service control manager database, and feeds raw configuration data to the model.

Adequate security of information and information systems is a fundamental management responsibility. Nearly all applications that deal with financial, privacy, safety, or defense include some form of access control. Access control is concerned with determining the allowed activities of legitimate users, mediating every attempt by a user to access a resource in the system. In some systems, complete access is granted after successful authentication of the user, but most systems require more sophisticated and complex control. In some cases, authorization may mirror the structure of the organization, while in others it may be based on the sensitivity level of various documents and the clearance level of the user accessing those documents. When we run this on a typical Windows installation managed by a careful systems administrator, and several exploitable user-to-administrator and guest-to-any-user vulnerabilities caused by misconfigurations in the default installation of software from Adobe, AOL, Macromedia, Microsoft and some anonymous vendors.

1.2                        Statement of Problem

Window access control system with access controls has historically implied a very high degree of robustness that assures that the control mechanisms resist subversion, thereby enabling them to enforce an access control policy that is mandated by some regulation that must be absolutely enforced for classified information.

For WAC, the access control decision is contingent on verifying the compatibility of the security properties of the data and the clearance properties of the individual (or the process proxying for the individual). The decision depends on the integrity of the metadata (e.g. label) that defines the security properties of the data, as well as the security clearance of the individual or process requesting access.

1.3                        Aim and Objectives of Study

This project aim primary at developing a window access control system that will help to secure unauthorized access to the computer system file or important document.  This project is aimed to develop a computerized software program that enforces user authentication and authorization for users of m-desk, and thereby solve the problems derived from the fact that the DICOM standard does not specify a way to place restrictions on the resources a PACS may provide.

The project also has the ambition to simplify the administration of m-desk.

That is, the administration regarding the set-up of the DICOM application between m-desk and the WAC. In order to be able to place any restrictions on the resources provided by a WAC, the program should be located logically between the clients and the window.

1.4                        Purpose of he Study

The purpose of this study is to provide and to promote the level of security measure in an organization and in individual household. The is aimed at developing or designing a software that will be able to guard the computer from been access in such a way that intruders are not given a bit chance to introduce themselves to the computer system. 

1.5                        Significance of the Study

Obviously the design of this window access control system is expected to be a guard to any unauthorized access to computer files without adequate permission from the administrator. It help will the organization to be able to secure their document and files from been access by unknown users. This window access control system will help to restore the clients and organization goodwill’s about keeping their file and relevant document. To some organization or individual who might likely prefer having their document save in the computer will be to relief from fact of fear of sabotage.  The research will go a long way to alleviate the problem fraud in financial industries.  With the advent of this idea or development, files and important document are solely secured.            

 1.6    Scope of the Study

This research work will concentrate on a window access control system alone. The scope is covered from developing a software that will carry out the operation.

1.7     Limitations of the Study       

Some of the constraints, which made me not to cover this work wide are;

1.       Financial help which I needed most to carry out this project work

2.       Economic uncertainty in the country

3.       No access to materials related to the topic.

 1.8    Organization of the Study

The research work is organized into five chapters.

Chapter one is the introduction, theoretical background, statement of the problems, objectives of the study, significance of the study, organization of the research, scope and limitations of the study and definition of terms.

Chapter two contains the review of related literature.

Chapter three is about the system design and methodology used in gathering information for the research work.

Chapter four elucidates about the implementation of the system, chapter talks about the summary, conclusion and recommendations.

1.9     Definition of Terms

Access: - This way or an opportunity for someone to use something either in a negative or positive way.

Principal: - several measurement techniques used in the life science to gather data for many more variables per sample        that the typical number of sample assayed.

Policy: - This is a principal or protocol to guide decision making to achieve rational outcome. A policy is a statement               of intend and implemented as a procedure or protocol.

Security: - This is the protection of information asset through the use of technology, process and training. Is equally the degree of resistance to or protection from harm. It implies to any vulnerable and valuable asset such as person, dwelling, community, nation or organization.

Window: - this is an operating system which is an interface or bridge between computer hardware and software. The hardware is really hard to understand by using the software we made soften the things and forgot about the hardness of the hardware so window is and user friendly interface between computer and