FGACFS: A fine-grained access control for *nix userspace file system

Nikita Yu Lovyagin, George A. Chernishev, Kirill K. Smirnov, Roman Yu. Dayneko

Результат исследований: Научные публикации в периодических изданияхстатья

Выдержка

In this paper we present FGACFS — a fine-grained access control file system designed for creating and administering directories with shared access in the *nix operating system family. The proposed access control model extends POSIX ACLs. Its essential features are: 1) an extensive list of enforceable permissions, 2) separating file and directory permissions, 3) two different mechanisms of permission inheritance — one for classic inheritance and one for copying permissions for newly-created objects. In overall, there are 19 file and 29 directory permission types. These permissions are designed to be implemented in a single tool and to allow control of both system users and programs simultaneously. To evaluate our approach, we have developed a software implementation based on this model. FGACFS is a userspace file system that was created by implementing the FUSE interface. Our file system is independent of underlying network and on-disk file systems. In our experiments we have evaluated two different approaches for storing permissions and a single permission caching scheme that we have developed to speed up operations. The conducted performance tests show the efficiency of our approach and demonstrate that our solution is ready to be deployed and used at least in small workgroups.

Язык оригиналаанглийский
Номер статьи101632
ЖурналComputers and Security
Том88
Ранняя дата в режиме онлайн2 окт 2019
DOI
СостояниеОпубликовано - янв 2020

Отпечаток

Access control
Copying
Experiments
efficiency
experiment
performance

Предметные области Scopus

  • Компьютерные науки (все)
  • Право

Цитировать

@article{69343b9c7be6448792241499f3a72922,
title = "FGACFS: A fine-grained access control for *nix userspace file system",
abstract = "In this paper we present FGACFS — a fine-grained access control file system designed for creating and administering directories with shared access in the *nix operating system family. The proposed access control model extends POSIX ACLs. Its essential features are: 1) an extensive list of enforceable permissions, 2) separating file and directory permissions, 3) two different mechanisms of permission inheritance — one for classic inheritance and one for copying permissions for newly-created objects. In overall, there are 19 file and 29 directory permission types. These permissions are designed to be implemented in a single tool and to allow control of both system users and programs simultaneously. To evaluate our approach, we have developed a software implementation based on this model. FGACFS is a userspace file system that was created by implementing the FUSE interface. Our file system is independent of underlying network and on-disk file systems. In our experiments we have evaluated two different approaches for storing permissions and a single permission caching scheme that we have developed to speed up operations. The conducted performance tests show the efficiency of our approach and demonstrate that our solution is ready to be deployed and used at least in small workgroups.",
keywords = "Access control, ACL, Filesystems, Folder sharing, FUSE, Userspace filesystem",
author = "Lovyagin, {Nikita Yu} and Chernishev, {George A.} and Smirnov, {Kirill K.} and Dayneko, {Roman Yu.}",
year = "2020",
month = "1",
doi = "10.1016/j.cose.2019.101632",
language = "English",
volume = "88",
journal = "Computers and Security",
issn = "0167-4048",
publisher = "Elsevier",

}

FGACFS : A fine-grained access control for *nix userspace file system. / Lovyagin, Nikita Yu; Chernishev, George A.; Smirnov, Kirill K.; Dayneko, Roman Yu.

В: Computers and Security, Том 88, 101632, 01.2020.

Результат исследований: Научные публикации в периодических изданияхстатья

TY - JOUR

T1 - FGACFS

T2 - A fine-grained access control for *nix userspace file system

AU - Lovyagin, Nikita Yu

AU - Chernishev, George A.

AU - Smirnov, Kirill K.

AU - Dayneko, Roman Yu.

PY - 2020/1

Y1 - 2020/1

N2 - In this paper we present FGACFS — a fine-grained access control file system designed for creating and administering directories with shared access in the *nix operating system family. The proposed access control model extends POSIX ACLs. Its essential features are: 1) an extensive list of enforceable permissions, 2) separating file and directory permissions, 3) two different mechanisms of permission inheritance — one for classic inheritance and one for copying permissions for newly-created objects. In overall, there are 19 file and 29 directory permission types. These permissions are designed to be implemented in a single tool and to allow control of both system users and programs simultaneously. To evaluate our approach, we have developed a software implementation based on this model. FGACFS is a userspace file system that was created by implementing the FUSE interface. Our file system is independent of underlying network and on-disk file systems. In our experiments we have evaluated two different approaches for storing permissions and a single permission caching scheme that we have developed to speed up operations. The conducted performance tests show the efficiency of our approach and demonstrate that our solution is ready to be deployed and used at least in small workgroups.

AB - In this paper we present FGACFS — a fine-grained access control file system designed for creating and administering directories with shared access in the *nix operating system family. The proposed access control model extends POSIX ACLs. Its essential features are: 1) an extensive list of enforceable permissions, 2) separating file and directory permissions, 3) two different mechanisms of permission inheritance — one for classic inheritance and one for copying permissions for newly-created objects. In overall, there are 19 file and 29 directory permission types. These permissions are designed to be implemented in a single tool and to allow control of both system users and programs simultaneously. To evaluate our approach, we have developed a software implementation based on this model. FGACFS is a userspace file system that was created by implementing the FUSE interface. Our file system is independent of underlying network and on-disk file systems. In our experiments we have evaluated two different approaches for storing permissions and a single permission caching scheme that we have developed to speed up operations. The conducted performance tests show the efficiency of our approach and demonstrate that our solution is ready to be deployed and used at least in small workgroups.

KW - Access control

KW - ACL

KW - Filesystems

KW - Folder sharing

KW - FUSE

KW - Userspace filesystem

UR - http://www.scopus.com/inward/record.url?scp=85074605636&partnerID=8YFLogxK

U2 - 10.1016/j.cose.2019.101632

DO - 10.1016/j.cose.2019.101632

M3 - Article

AN - SCOPUS:85074605636

VL - 88

JO - Computers and Security

JF - Computers and Security

SN - 0167-4048

M1 - 101632

ER -