TRON: Process-Specific File Protection for the UNIX Operating System

Andrew Berman, Virgil Bourassa and Erik Selberg
Department of Computer Science and Engineering
University of Washington
Seattle, WA 98195

Abstract

The file protection mechanism provided in UNIX is insufficient for current computing environments. While the UNIX file protection system attempts to protect users from attacks by other users, it does not directly address the agents of destruction: executing processes. As computing environments become more interconnected and interdependent, there is increasing pressure and opportunity for users to acquire and test non-secure, and possibly malicious, software.

We introduce TRON, a process-level discretionary access control system for UNIX. TRON allows users to specify capabilities for a process' access to individual files, directories, and directory trees. These capabilities are enforced by system call wrappers compiled into the operating system kernel. No privileged system calls, special files, system administrator intervention, or changes to the file system are required. Existing UNIX programs can be run without recompilation under TRON-enhanced UNIX. Thus, TRON improves UNIX security while maintaining current standards of flexibility and openness.