Access control list – ACL Defined
An access control list (ACL) is used to identify individual or group user permissions in a computer system. The access control list is generally in table format, or some other software-specific data structure. ACLs are a fundamental part of technology security systems.
A Little More on Access Control Lists or ACLs
ACLs grant file access to different users or groups without having to place them in the same category, unlike plain file and directory permissions, where different permissions cannot be configured for different users.
Also, file and directory permission sets are configured only for the owner of the data, the group to which the file owner belongs, and the other system users. ACLs, on the other hand, overcome this limitation by providing more precise control than file permissions alone: the owner of an object can grant or deny access to any user.
The ACL mechanism is available in most UNIX systems, such as HP-UX, Solaris, and AIX, among others. In other systems, for example GNU/Linux, ACL support is not provided and one needs to install it as an additional package.
GNU/Linux supports two basic types of ACL:
- Standard ACL: It contains three ACL entries, that is, the owner, owning group, and other types. These ACL entries are equivalent to the file and directory mode permission bits.
- Extended ACL: It has more than three ACL entries. These ACLs also contain a mask entry and may comprise any number of named user and named group entries.
ACL models define three classes of elements, user, group and mask, each configured with a set of permissions. The permissions defined are read (r), write (w), and execute (x).
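An added example (not part of the original page): parsing getfacl-style output to tell a standard ACL from an extended one and to show how the mask entry caps what named users, named groups and the owning group actually receive. The sample ACL and the names alice, bob, staff and audit are constructed for illustration.

```python
# Added example: classify a POSIX ACL and compute effective permissions.
# SAMPLE is constructed getfacl-style output, not taken from a real system.
SAMPLE = """\
# file: report.txt
# owner: alice
# group: staff
user::rw-
user:bob:rwx
group::r-x
group:audit:rw-
mask::r--
other::---
"""

def parse_acl(text):
    """Return a list of (tag, qualifier, perms) from getfacl-style text."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop header and '#effective' comments
        parts = line.split(":")
        if len(parts) != 3:                   # blank lines, default: entries (out of scope)
            continue
        tag, qualifier, perms = parts
        entries.append((tag, qualifier, set(perms) - {"-"}))
    return entries

def acl_type(entries):
    """'standard' = only owner, owning group, other; anything more is 'extended'."""
    extra = [e for e in entries if e[0] == "mask" or e[1]]
    return "extended" if extra else "standard"

def effective(entries):
    """Apply the mask to named users, named groups and the owning group."""
    mask = next((p for t, _, p in entries if t == "mask"), None)
    result = {}
    for tag, qualifier, perms in entries:
        if tag == "mask":
            continue
        # The file owner (user::) and other:: are never limited by the mask.
        masked = tag == "group" or (tag == "user" and qualifier)
        if masked and mask is not None:
            perms = perms & mask
        result[f"{tag}:{qualifier}"] = "".join(c if c in perms else "-" for c in "rwx")
    return result

if __name__ == "__main__":
    acl = parse_acl(SAMPLE)
    print(acl_type(acl))
    for who, perms in effective(acl).items():
        print(f"{who:14} {perms}")
```

When reviewing access, read the effective permissions rather than the raw entries: here bob is listed with rwx but the mask leaves him read-only.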
For ACLs to function optimally, one needs to ascertain:
- a) Whether the computer's kernel supports, and allows mounting with, extended attributes and ACLs.
- b) Whether the userspace utilities needed to set ACLs have been installed: the acl package.
The kernel, being the core of a computer's operating system, is where ACL support is activated for users of Ubuntu OS.
To work with ACLs on a particular file system (/home), one has to indicate it in the /etc/fstab file as shown below:
# cat /etc/fstab | grep home
/dev/sda2 /home ext4 defaults,acl 0
To avoid rebooting the system, one can remount the partition so that it uses ACLs by executing the command below:
# mount -o remount -o acl /dev/sda2 /home
With this, ACLs are ready for use in the system. Next, install the acl package (it may already be installed by default).
# sudo apt-get install acl
This package contains the utilities that allow one to establish and manage ACLs: chacl, getfacl, and setfacl.