TRON: Process-Specific File Protection for the UNIX Operating System

The file protection mechanism provided in UNIX is insufficient for current computing environments. While the UNIX file protection system attempts to protect users from attacks by other users, it does not directly address the agents of destruction-executing processes. As computing environments become more interconnected and interdependent, there is increasing pressure and opportunity for users to acquire and test non-secure, and possibly malicious, software.

We introduce TRON, a process-level discretionary access control system for UNIX. TRON allows users to specify capabilities for a process' access to individual files, directories, and directory trees. These capabilities are enforced by system call wrappers compiled into the operating system kernel. No privileged system calls, special files, system administrator intervention, or changes to the file system are required. Existing UNIX programs can be run without recompilation under TRON-enhanced UNIX. Thus, TRON improves UNIX security while maintaining current standards of flexibility and openness.