2. Unix History
• Developed by
Dennis Ritchie and
Ken Thompson at
AT&T Bell Labs
• Adapted some ideas
from the Multics
project in 1969
3. Design Features
• Written in C – portable
• Application program interface (API) – enabled
programmers to write applications that are
compatible with multiple platforms
• A small base program called “kernel” with a
standard interface to interact
4. Security
• Security goal:
– A common platform that could be shared by
several users
– Security problem becomes one of “protection”
• Common mechanisms
– Password storage
– Protection ring
– Access control lists
5. Kernel and Processes
• A running Unix system consists of the kernel
and the processes each running a program
– Protection ring boundary isolates the kernel from
the processes
– Each process has its own address space
– The concept of “file” for representing all
persistent system objects
6. Trusted Computing Base
• The set of software and data upon which the
system depends for correct enforcement of
system security goals
• Consists of the kernel and processes running
with root (superuser) privilege
7. Unix Protection System
• What does protection mean?
– An access enforcement mechanism that
authorizes requests from subjects to perform
operations on objects
– Requests: read, write, etc.
– Subjects: users, processes, etc.
– Objects: files, sockets, etc.
8. Unix Protection System
• Protection state: describes the operations that
system subjects can perform on system objects
• UNIX protection state specification
– Subjects: process identities
• Process identities: user id (UID), group id (GID), and a set of
supplementary groups.
– Objects: files
– Access: read, write, execute
– Protection state is specified by an access control list
(ACL) associated with each file
9. Unix File
• Each file is associated with:
– An owner UID and an owner GID
• Process with the owner UID privilege can modify the
protection state
– “mode bits” describe the ACL of a file
• {owner bits, group bits, others bits}, where each
element consists of a read bit, a write bit, and an
execute bit
• e.g., rwxr--r--
10. Authorization Mechanism
• If the process UID corresponds to the owner
UID of the file, use the mode bits for the
owner to authorize access.
• Else if the process GID or supplementary
groups correspond to the file’s group GID, use
the mode bits for the group permissions.
• Otherwise, use the permissions assigned to all
others.
11. Examples
-rw-rw-r-- 1 simon faculty 14 Sep 8 03:59 file1
-rw-rw-r-- 1 user1 faculty 14 Sep 8 04:04 file2
-rw-rw-r-- 1 user2 students 14 Sep 8 04:04 file3
“simon” belongs to group “faculty”
“user1”, “user2” belong to group “students”
-r-------- 1 simon faculty 14 Sep 8 03:59 file1
----r----- 1 user1 students 14 Sep 8 05:01 file2
-------r-- 1 user2 students 14 Sep 8 05:02 file3
12. Protection State Modification in Unix
• Protection state operations: enable a
protection state to be modified
• In Unix, the protection state can be modified
by any process that has the owner ID privilege
– This is called “discretionary access control”
– Essentially we have to trust all user-level processes
to achieve the security goal of protection