fedir/ICFS-thesis
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Changed "section" to "chapter"

Browse Source
This commit is contained in:
BritishTeapot 2025-04-12 17:12:56 +02:00
parent fae2a67fc9
commit b4a5ca2067
Signed by untrusted user who does not match committer: fedir
GPG Key ID: C959EE85F0C9362C
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
accesscontrol.tex
View File

@ -28,7 +28,7 @@ The fundamental weakness of the traditional UNIX DAC model, and even its extensi
This vulnerability stems from the “all or nothing” nature of user ownership. A process running with users EUID inherits all of users privileges, treating all files they own as equally accessible. Theres no way to restrict a specific process, even one initiated by the user themselves, from accessing certain files or performing certain operations.
These limitations highlight the need for more sophisticated access control mechanisms that go beyond simple user identity and consider the context and trustworthiness of the process attempting to access a resource. Mandatory Access Control (MAC) and sandboxing technologies are emerging solutions aiming to address these shortcomings by introducing finer-grained control over process privileges and resource access. The following sections will explore these alternatives in detail.
These limitations highlight the need for more sophisticated access control mechanisms that go beyond simple user identity and consider the context and trustworthiness of the process attempting to access a resource. Mandatory Access Control (MAC) and sandboxing technologies are emerging solutions aiming to address these shortcomings by introducing finer-grained control over process privileges and resource access. The following chapter will explore these alternatives in detail.
\todo[inline, author={\textbf{Draft note}}]{Talk more about the threat model?}