Implied Protections
Implied Protections
Copyright(c) Management Analytics, 1995 - All Rights Reserved
Copyright(c), 1990, 1995 Dr. Frederick B. Cohen - All Rights Reserved
Problem:
In addition to the obvious protections granted by the protection
bits, there are normally a very large number of rights implied by the
protection state, even though they are not explicitly shown by it. As a
simple example, suppose you don't have READ access to a file `X', but
another user with READ access accidentally leaves a copy of `X' in a
file `Y' that you have READ access to. Even though the protection seems
to indicate that you can't examine the information in `X', you can do so
by examining the copy in `Y'. This is also how a virus spreads to areas
that its creator cannot directly access.
Prevention:
Implied protections cannot be effectively controlled in a normal
UNIX system. The only effective controls are provided by a mandatory
access control policy based on a POset structure on information flow.
Detection:
Implied protections can be derived, but normally, the implied
protection shows that all users can access all information.
Cure:
The only real cure is a system designed with POset based
protection built-in. No current UNIX systems provide this.