Issue dated - 9th June 2003

-

Previous Issues
CURRENT ISSUE
INDIA NEWS
NEWS ANALYSIS
STOCK FILE
INDIA TRENDS
E-BUSINESS
OPINION
FOCUS
COMPANY WATCH
TECHSPACE
TECHNOLOGY
PRODUCTS
EVENTS
COLUMNS
TECH FORUM

THE C# COLUMN
BETWEEN THE BYTES
TECHNOLOGY
SPECIALS <NEW>
HMA BANKBIZ
EC SERVICES
ARCHIVES/SEARCH
IT APPOINTMENTS
WRITE TO US
SUBSCRIBE/RENEW
CUSTOMER SERVICE
ADVERTISE
ABOUT US
 Network Sites
  IT People
  Network Magazine
  Business Traveller
  Exp. Hotelier & Caterer
  Exp. Travel & Tourism
  Exp. Backwaters
  Exp. Pharma Pulse
  Exp. Healthcare Mgmt.
  Express Textile
 Group Sites
  ExpressIndia
  Indian Express
  Financial Express

 
Front Page > TechSpace > Story Print this Page|  Email this page

The evolution of security on the Windows platform

The C# Column - Yashawant Kanetkar

Security in the field of computers is similar to that in real life. We install security systems in our homes, banks and work places. These systems include gatekeepers, ID cards, closed circuit cameras, etc. Parallels to these are found even in the digital world. Gatekeepers are comparable to Firewalls. A firewall is a program that will continuously keep a watch on files that are being received by the network or computer. Files that are known to be malicious are denied an entry. Similarly, ID cards are comparable to user names and passwords. Cameras are comparable to network monitors or file-system monitors. Network monitors listen to and keep a record of all the communication taking place on the network. Similarly, file-system monitors keep track of any changes made to the files on the hard disk. In the computer world it is important to know who is authorised to use specified resources and to what extent. That “who” could be a person sitting at a computer, or a program that is being executed. This divides security implementation in two distinct branches.

  • Protection from malicious code
  • Protection from malicious users

The implementation of security in either type involves two stages—identification and deciding the scope of activity. In security terminology this is known as authentication and authorisation respectively. Authentication is responsible for identification and authorisation for deciding scope of activity. We shall discuss authentication and authorisation in detail later. After a program/user is positively identified, it needs to be decided as to what are the activities that the entity is permitted to do and an appropriate list is created. Each entry in this list is known as a permission. The list is known as the permission set.

Windows security model
Windows, like many other operating systems, decides permissions on the basis of the type of user who has logged in. Earlier, security features were almost negligible under the Windows 9x operating systems. Two users could look at each other’s personal data without ever being asked why. All software programs installed were available to all the users. Windows NT came with a better design. There was now a distinction between different users using a machine. Moreover, every user now had to log on to the computer before using it and then log off. There was no such thing as a default user any more. The operating system interacted differently with different users. Windows implemented the concept of groups. A group is a set of users having identical permissions. And for the user, the group to which he belongs becomes his role. For example if “XYZ” belongs to the Administrator group, then role of “XYZ” is Administrator and has permissions to do almost anything on the machine. Then there are users that can use the computer but cannot do tasks such as installing new software or changing system variables such as page memory size, etc. There are replicators, printers, power users and so on. An administrator has the right to add new users to the machine. He can decide the permissions to be given to these users. An administrator can also create custom groups with custom permissions. A user belonging to a certain group can do only those things that are permitted to him and nothing else. For example a user allowed to use only a printer can do only that besides logging on and off.

Under Windows if we intend to get some work done, we pass a request stating as such to the operating system. The operating system in turn performs the task for us. In a network, the origin of a request could be the local machine or a remote machine. Requests could be anything like accessing data, authenticating a user against a list of valid users maintained on the server, or using a resource like a printer. The server operating systems are fine-tuned to prioritise network requests (requests from remote computers) rather than local requests. Again, keeping in tune with the concept of security, we can configure the server to respond only to certain requests and turn down others.

One needs to decide whether to grant permissions for requests on the basis of the computer that is requesting them or grant them on the basis of the current login on that computer. This scenario is very flexible and highly configurable. Let’s see how the operating system manages this. With Windows NT 3.1 and onwards, Microsoft introduced a new way of managing files on the hard disk called the NT File System (NTFS). This file system was better than the FAT32 file system of previous versions. NTFS had provisions to allow or deny access to files on the basis of the user requesting access to them. For every file, the NTFS maintains a list of users allowed to access it. This functionality is not implemented in the FAT32 file system. Instead, in FAT32, the operating system keeps a list of files and who is allowed to access them. Such an arrangement works, but at the cost of performance.

The protection mechanisms discussed above were about granting of permissions to the user who is logged on. But if the user runs some malicious code, there is nothing that can be done to stop the code from causing havoc. This concern has been addressed by .NET through a concept called Code Access Security that we will discuss later.

Authentication and authorisation
As stated earlier, authentication is identification of a user and authorisation is granting permissions to the identified user. In any security-related scenario, authentication and authorisation are indispensable.

Windows NT performs authentication and authorisation at the time of login. Windows maintains a list of all users allowed to use that computer. This list is known as the Access Control List (ACL). Whenever a person tries to login using one of these registered users, Windows internally looks at ACL, and grants permissions to the user according to his or her role. Permissions are access permissions to files, ability to install programs, modify system parameters and so on.

After authenticating a user, the next step is to determine whether that user has permission to access the resources it is requesting. This process is known as authorisation. Authorisation can be controlled using any of the following methods.

(a) Windows Access Control List (ACL): This allows us to create permissions specific to the file system. Users can be allowed or denied access to resources right at the file system level. The NTFS file system discussed earlier is best suited for this. Using ACL to grant/deny permissions works best where our application is authenticated using a Windows account.

(b) Web Server Permissions: Web Server Permissions are configured on the IIS (Internet Information Server). This configuration specifies permissions such as read, right, access and denial to anyone accessing the website. There is a difference between NTFS permissions and Web Server permissions. Web Server permissions apply to all those who access the Web and FTP sites, NTFS permissions apply only to specific users and groups with registered Windows accounts.

(c) URL Authorisation: The URL maps specific users and roles to the contents of the URL. Access to the contents of the URL can be specifically allowed or denied to users and roles. Entries made to the ‘web.config’ file will implement this authorisation.

(d) Principal Objects: In security terminology, users or entities that have been authenticated are known as Principals.

Identification of the principal could be through any of the above-discussed procedures or could also be custom defined. The .NET platform provides a GenericPrincipal Class that can be extended as per requirements. We can then map our custom table to the Windows accounts.

Security under .NET
.NET security mechanisms work in close interaction with Windows security. It divides security into two distinct models.

  • Role Based Security
  • Code Access Security

Role based security decides permissions on the basis of the role (or type) of the user, whereas code access security grants permission on the basis of identity of the code. Identifying code is identifying the location from where the code is running. We’ll discuss these security models in greater detail in the next article.

Yashavant Kanetkar, one of the first Express Computer columnists, is an established software expert, speaker and author with several best-sellers to his credit, including titles like “Let Us C” and the “Fundas” series. Contact him at kanet@nagpur.dot.net.in
<Back to top>


© Copyright 2003: Indian Express Group (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in
Mumbai by The Business Publications Division of the Indian Express Group of Newspapers.
Please contact our Webmaster for any queries on this site.