Access control is a technique that used to control who or what can
access the resources in a system. It is also a collection of mechanism that
work together to protect the information assets of the enterprise from
unauthorized access. Access control divides into two types, which are physical
and logical. Physical access control focus on physical protection of
information and assets, for example, install a gate to prevent unauthorized
access. Logical control focus on limit the connection to computer networks,
system files and data. An access control system perform authorization,
identification, authentication, access approval, and accountability of entities
though login credentials including passwords, PINs, biometric scans, and
physical or electronic keys. Access control is very important because it used
to enhance the security of the users, buildings and assets, it protect them
from being destroy.
For Operating Systems (OS), access control focuses on the logical
access control. The OS validates the user before allowing it to access the
resources. Access control is one of the key security feature which is available
on both Windows 10 and Ubuntu. In general, there are two aspects in which the
access control manages which is file-level security and process-level security.
File-level security is the permission to access resources and how the resources
can be accessed while process-level security is the user’s capability in
accessing the system.
Comparison between the Windows 10 Version 1803
and Ubuntu 16.04.3
Windows 10 Version 1803
Windows 10 utilizes the Access Control List (ACL) in file-level
security. In Windows 10, The ACL contains a list of entries which is called
access control entries (ACE). An unique security identifiers (SID) is used to
represent users and groups in the access control model. Each ACE in an ACL
identifies the trustee through SID and specifies their access rights and
permission. When a security principle wishes to access any resources, their
rights and permission are being examined to determine if they are allowed to
access the resources and how they can access it.
Window 10’s ACL has two types of ACLs which is discretionary
access control list (DACL) and system access control list (SACL).
A DACL identifies the security principle who are allowed or denied
access to a resource. The system checks the ACEs in the resource’s DACL when it
is being access to determine whether to allow access to it. If the resource
does not have a DACL, the system will allow full access to everyone. If the
event that the resource has DACL but no ACEs, the system will deny all attempts
to access to the recourse because the DACL does not allow any access rights.
The system checks the ACEs in sequence until it finds one or more ACEs that
allow all the requested access rights, or until any of the requested access
rights are denied.
On the other hand, a SACL is being used to log the attempts to
access the resources. The ACEs in SACL specifies the type of access attempts in
which will cause the system to generate a record in the security event log.
Meaning that, if any attempts of accessing the record matches the ACE in SACL,
the attempt will be recorded down in a security event log. An ACE in a SACL can
generate audit records when an access attempt fails, when it succeeds, or both.
Meanwhile for the process level security, Windows has developed a
technology named User Account Control (UAC). Before the introduction of UAC,
Windows generally give their user full administrative access and/or privileged
access which allows the user to access everything on the system, even the most
crucial parts. Thus, Windows invented the UAC to prevent this from happening.
The UAC prevents modification to the Windows setting by requiring an
administrator permission. A normal account user will be denied to make changes
to Windows settings unless they are explicitly permitted by administrator or by
signing in as an administrator.
Ubuntu uses two technology in file-level security, the UNIX
owner-group-world permission model and ACL. The usage of the UNIX permission
model is more preferable in Ubuntu although ACL services are provided too. The UNIX
permission model explicitly define what can the owner, group and world rights
to access, modify and execute a certain resources. A basic command ‘chmod mode
filename’ is being use to change the rights of the specific resources. An octal
format mode is based upon an octal number representing the different mode
permissions, where each of the permission groups (user, group, others) has an
octal value representing the read, write and execute bits. The octal format
mode is used to decide which entity is allow to perform what action on the
resource. To further enhance the file-level security, sticky bit (a.k.a
restricted deletion flag) is used to make sure that a file or a directory only
lets the owner of the file/directory or the root user to delete or rename the
file. No other user is given privileges to delete the file created by some
The user may also chooses to use the ACL service which is also
provided by Ubuntu. There are two (2) basic classes of ACLs for Ubuntu, minimum
ACL and extended ACL. A minimum ACL merely comprises the entries for the types
owner, owning group, and other, which correspond to the conventional permission
bits for files and directories. Minimum ACL have three ACL entries, ACLs with
more than the three entries are called extended ACLs. Extended ACLs also
contain a mask entry and may contain any number of named user and named group
entries. ACL can be configured with a basic command called setfacl. There is a
prerequisite in order to run the command, the partition for the file or
directory which wishes to implement ACL must be mounted with ACL support.
Meanwhile, Ubuntu utilized the least-privilege approach in
process-level security. Users are given least-privilege in Ubuntu. Su and sudo
is the administrative account which has privilege access to the system. The su
and sudo is separated from the user accounts. Thus, when a user is compromised,
the system will not be affected as the affected user does not have privilege
access and unable to escalate their privilege.
By using ACL, it is easier for the admin to check which users are
able to access a given file. It is also able to scale up well, work efficiently
with distributed systems.
Regarding on the weaknesses, there are a few aspect to be
discussed. First of all, Windows is giving their users full access control,
which mean that every users have full access the system. Without a doubt, this
brings benefits to the attackers. If one of the user being infected with a
virus, it is easy for the attackers to gain access to the system as the user
itself have privilege access. Therefore, giving users full access control is
not a good idea.
Furthermore, ACL itself contains some weaknesses. The complexity
of ACL is one of the few weakness. In an ACL environment, it is easy to answer
the question “who are the users that have access to this object”, but it is
difficult to determine all privileges for a user, not just for that object.
Meaning that is difficult to assign, remove and modify the rights to a user on
all files in ACL. One would require to search for all the ACL, but it is
especially difficult to do so in large system with many groups and users or
system which is constantly changing. In addition, there is no centralized way
to implement ACL. Different system has different format of ACLs, which means
that the ACL is platform-dependent. When changing one policy model to another
policy model, it may cause trouble because different system have different
format of ACL. Moreover, the other drawback of ACL is that the lack of
expressiveness in the number of operations one can specify since it just
extends the traditional read/write/execute permissions such that one can
specify more users than just the owner and more groups than just the file’s
Justification on different platforms
For Windows, the permission can be granted by the resource owner
and anyone who is authorized to grant permissions, which is the administrators.
Normally, all the users are allow to access to all the file, the permission is
implicitly granted unless manually change to deny. This action is insecure
because everyone can access to the all the files. There are some sensitive and
confidential files that should not be access, read or modify by certain users,
however, with the implicitly allow permission, they are able to access the
files. Therefore, the admin should always remember to set the ACLs to
explicitly deny the unauthorized users to access confidential files.
However, the file access permission in Ubuntu is implicitly denied
by default, unless manually change to explicitly allow. Except superuser, a.k.a
root user able to access all the files, other users can only access to certain
files. In order to access all the files, the users have to sudo or su to login
as root user. Compare to Windows, Ubuntu is more secure because normal users
are not allow to access the sensitive or confidential files at first. They are
not authorized to access, read, and write to certain files unless set the ACLs
to granted permission.
Selection between these two platforms
In file-level security, both Windows 10 and Ubuntu both uses the
ACL technology but Ubuntu users generally uses the UNIX system-group-world
permission model. The UNIX model does specific the rights and permission of a
security principle, however, these permission sets have limitations. For
example, different permissions cannot be configured for different users. The
ACL on the other hand provides better file security by enabling one to define
file permissions on “per-user/per group” basis. Although the ACL increases
the complexity due to the system admin are unable to fully understand the
model, the ACL provides the system admin capabilities to define file
permissions on “per-user/per group” basis. ACL also provides the
ability for a file to be owned by several groups, instead of single group like
the classic Unix permission scheme. They also have higher priority than
standard Unix permission and overwrite them in case of conflict. Since Ubuntu
does provide ACL services, we cannot define which of the OS has a better
solution as it depends on which technology the user chooses to use.
In process-level security, Ubuntu has a better solution compared
to Windows. Ubuntu relied heavily on the su and sudo tools to delegate
authority and normal users are given the least privilege while the users in
Windows were given full access to the system instead of being controlled.
Although Windows 10 have the UAC in place to protect the users from modifying
the system settings but it is simply not enough.
Both OS provides great solutions in access controls. The technology provided
has to be utilized in order to have a secure environment. The choice of user is
critical thus the user need to self educate and constantly update themselves on
the latest technology and how the technology works. Only with knowledge can one
know what is the best to protect themselves.