Abstract
The notion of groups in Windows NT is much like that in other operating systems. Rather than set user and file rights individually for each and every user, the administrator can give rights to various groups, then place users within those groups. Each user within a group inherits the rights associated with that group. In this paper, we describe an experiment to extend the Windows NT group mechanism in two significant ways that are useful in managing group-based access control in large-scale systems. The goal of our experiment is to demonstrate how group hierarchies (where groups include other groups) and decentralized user-group assignment (where administrators are selectively delegated authority to assign certain users to certain groups) can be implemented by means of Microsoft remote procedure call (RPC) programs. In both respects the experimental goal is to implement previously published models (RBAC96 for group hierarchies and URA97 for decentralized user-group assignment). Our results indicate that Windows NT has adequate flexibility to accommodate sophisticated access control models to some extent.
Original language | English (US) |
---|---|
Pages (from-to) | 39-49 |
Number of pages | 11 |
Journal | Journal of Systems and Software |
Volume | 56 |
Issue number | 1 |
State | Published - Feb 1 2001 |
Externally published | Yes |
Keywords
- Role-based access control
- Security
- Windows NT
ASJC Scopus subject areas
- Software
- Information Systems
- Hardware and Architecture