TY - JOUR

T1 - FGACFS

T2 - A fine-grained access control for *nix userspace file system

AU - Lovyagin, Nikita Yu

AU - Chernishev, George A.

AU - Smirnov, Kirill K.

AU - Dayneko, Roman Yu.

PY - 2020/1

Y1 - 2020/1

N2 - In this paper we present FGACFS — a fine-grained access control file system designed for creating and administering directories with shared access in the *nix operating system family. The proposed access control model extends POSIX ACLs. Its essential features are: 1) an extensive list of enforceable permissions, 2) separating file and directory permissions, 3) two different mechanisms of permission inheritance — one for classic inheritance and one for copying permissions for newly-created objects. In overall, there are 19 file and 29 directory permission types. These permissions are designed to be implemented in a single tool and to allow control of both system users and programs simultaneously. To evaluate our approach, we have developed a software implementation based on this model. FGACFS is a userspace file system that was created by implementing the FUSE interface. Our file system is independent of underlying network and on-disk file systems. In our experiments we have evaluated two different approaches for storing permissions and a single permission caching scheme that we have developed to speed up operations. The conducted performance tests show the efficiency of our approach and demonstrate that our solution is ready to be deployed and used at least in small workgroups.

AB - In this paper we present FGACFS — a fine-grained access control file system designed for creating and administering directories with shared access in the *nix operating system family. The proposed access control model extends POSIX ACLs. Its essential features are: 1) an extensive list of enforceable permissions, 2) separating file and directory permissions, 3) two different mechanisms of permission inheritance — one for classic inheritance and one for copying permissions for newly-created objects. In overall, there are 19 file and 29 directory permission types. These permissions are designed to be implemented in a single tool and to allow control of both system users and programs simultaneously. To evaluate our approach, we have developed a software implementation based on this model. FGACFS is a userspace file system that was created by implementing the FUSE interface. Our file system is independent of underlying network and on-disk file systems. In our experiments we have evaluated two different approaches for storing permissions and a single permission caching scheme that we have developed to speed up operations. The conducted performance tests show the efficiency of our approach and demonstrate that our solution is ready to be deployed and used at least in small workgroups.

KW - Access control

KW - ACL

KW - Filesystems

KW - Folder sharing

KW - FUSE

KW - Userspace filesystem

UR - http://www.scopus.com/inward/record.url?scp=85074605636&partnerID=8YFLogxK

UR - https://www.mendeley.com/catalogue/6154c1c7-24b8-3c0c-98ab-989a6a432ad3/

U2 - 10.1016/j.cose.2019.101632

DO - 10.1016/j.cose.2019.101632

M3 - Article

AN - SCOPUS:85074605636

VL - 88

JO - Computers and Security

JF - Computers and Security

SN - 0167-4048

M1 - 101632

ER -