Результаты исследований: Научные публикации в периодических изданиях › статья › Рецензирование
FGACFS : A fine-grained access control for *nix userspace file system. / Lovyagin, Nikita Yu; Chernishev, George A.; Smirnov, Kirill K.; Dayneko, Roman Yu.
в: Computers and Security, Том 88, 101632, 01.2020.Результаты исследований: Научные публикации в периодических изданиях › статья › Рецензирование
}
TY - JOUR
T1 - FGACFS
T2 - A fine-grained access control for *nix userspace file system
AU - Lovyagin, Nikita Yu
AU - Chernishev, George A.
AU - Smirnov, Kirill K.
AU - Dayneko, Roman Yu.
PY - 2020/1
Y1 - 2020/1
N2 - In this paper we present FGACFS — a fine-grained access control file system designed for creating and administering directories with shared access in the *nix operating system family. The proposed access control model extends POSIX ACLs. Its essential features are: 1) an extensive list of enforceable permissions, 2) separating file and directory permissions, 3) two different mechanisms of permission inheritance — one for classic inheritance and one for copying permissions for newly-created objects. In overall, there are 19 file and 29 directory permission types. These permissions are designed to be implemented in a single tool and to allow control of both system users and programs simultaneously. To evaluate our approach, we have developed a software implementation based on this model. FGACFS is a userspace file system that was created by implementing the FUSE interface. Our file system is independent of underlying network and on-disk file systems. In our experiments we have evaluated two different approaches for storing permissions and a single permission caching scheme that we have developed to speed up operations. The conducted performance tests show the efficiency of our approach and demonstrate that our solution is ready to be deployed and used at least in small workgroups.
AB - In this paper we present FGACFS — a fine-grained access control file system designed for creating and administering directories with shared access in the *nix operating system family. The proposed access control model extends POSIX ACLs. Its essential features are: 1) an extensive list of enforceable permissions, 2) separating file and directory permissions, 3) two different mechanisms of permission inheritance — one for classic inheritance and one for copying permissions for newly-created objects. In overall, there are 19 file and 29 directory permission types. These permissions are designed to be implemented in a single tool and to allow control of both system users and programs simultaneously. To evaluate our approach, we have developed a software implementation based on this model. FGACFS is a userspace file system that was created by implementing the FUSE interface. Our file system is independent of underlying network and on-disk file systems. In our experiments we have evaluated two different approaches for storing permissions and a single permission caching scheme that we have developed to speed up operations. The conducted performance tests show the efficiency of our approach and demonstrate that our solution is ready to be deployed and used at least in small workgroups.
KW - Access control
KW - ACL
KW - Filesystems
KW - Folder sharing
KW - FUSE
KW - Userspace filesystem
UR - http://www.scopus.com/inward/record.url?scp=85074605636&partnerID=8YFLogxK
UR - https://www.mendeley.com/catalogue/6154c1c7-24b8-3c0c-98ab-989a6a432ad3/
U2 - 10.1016/j.cose.2019.101632
DO - 10.1016/j.cose.2019.101632
M3 - Article
AN - SCOPUS:85074605636
VL - 88
JO - Computers and Security
JF - Computers and Security
SN - 0167-4048
M1 - 101632
ER -
ID: 49649488