Design and Implementation of Window Access Control System
The relevance of this study cannot be overemphasized because it tends to reveal the impact and effect of the Window Access Control Security System. The main focus is to design a system that can handle security processes in a computer system. The existing system was studied and relevant officials were interviewed to acquire the required data. The newly designed system allows easy retrieval of accurate information for effective and efficient allocations, easy maintenance of information integrity, time saving and reduction in operation. The system is designed in Visual Basic 6.0 because it is interactive, menu-driven and user friendly. It provides timely information about students. Most student information operations are recorded and stored in the computer and retrieved at will. It ensures security in windows and also accesses some vital software online. It is recommended that private and public enterprises make use of the newly developed system.
In computer security, window access control (WAC) refers to a type of access control in which the operating system (OS) constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target. In practice, a subject is usually a process or thread; objects are constructs such as files, directories, TCP/UDP ports, shared memory segments, input and output devices etc. Subjects and objects each have a set of security attributes.
Whenever a subject attempts to access an object, an authorization rule enforced by the operating system kernel examines these security attributes and decides whether the access can take place. Any operation by any subject on any object will be tested against the set of authorization rules (aka policy) to determine if the operation is allowed. According to Pete Sclafani (2002), a database management system, in its access control mechanism, can also apply window access control. With window access control, this security policy is centrally controlled by a security policy administrator. Users cannot override the policy to grant access to files that would otherwise be restricted. By contrast, discretionary access control (DAC), which also governs the ability of subjects to access objects, allows users the ability to make policy decisions or assign security attributes. WAC-enabled systems allow policy administrators to implement organization-wide security policies. Unlike with DAC, users cannot override or modify this policy, either accidentally or intentionally. This allows security administrators to define a central policy that is guaranteed (in principle) to be enforced for all users. According to Barkley J. (1997), MAC has been closely associated with multi-level secure (MLS) systems. The Trusted Computer System Evaluation Criteria (TCSEC), the seminal work on the subject which is often referred to as the “Orange Book”, defines WAC as “a means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (i.e., clearance) of subjects to access information of such sensitivity”. Early implementations of WAC such as Honeywell’s SCOMP, USAF SACDIN, NSA Blacker, and Boeing’s MLS LAN focused on MLS to protect military-oriented security classification levels with robust enforcement.
Originally, the term WAC denoted that the access controls were guaranteed not only in principle but also in fact. Early security strategies enabled enforcement guarantees that were dependable in the face of national lab level attacks. More recently, with the advent of implementations such as SELinux (incorporated into Linux kernels), Window Integrity Control (incorporated into Windows Vista and newer), and window schemes derived from the FreeBSD WAC Framework in OS, iOS, and Junos, WAC has started to become more mainstream and is evolving out of the MLS niche. These more recent WAC implementations have recognized that the narrow TCSEC definition, focused as it was on MLS, is too specific for general use (Cavale M., and McPherson D., 2003). These implementations provide more depth and flexibility than earlier MLS-focused implementations, allowing (for example) administrators to focus on issues such as network attacks and malware without the rigour or constraints of MLS systems.
1.1 Theoretical Background
Many application programs demand too many privileges, more than strictly necessary to access the data on which they operate. Logical model of Windows XP access control, in a declarative but executable (Datalog) format. We have built a scanner that reads access-control configuration information from the Windows registry, file system, and service control manager database and feeds raw configuration data to the model.
Adequate security of information and information systems is a fundamental management responsibility. Nearly all applications that deal with financial, privacy, safety, or defence include some form of access control. Access control is concerned with determining the allowed activities of legitimate users, mediating every attempt by a user to access a resource in the system. In some systems, complete access is granted after successful authentication of the user, but most systems require more sophisticated and complex control. In some cases, an authorization may mirror the structure of the organization, while in others it may be based on the sensitivity level of various documents and the clearance level of the user accessing those documents. When we run this on a typical Windows installation managed by a careful systems administrator, we find several exploitable user-to-administrator and guest-to-any-user vulnerabilities caused by misconfigurations in the default installation of software from Adobe, AOL, Macromedia, Microsoft and some anonymous vendors.
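The declarative model described in section 1.1 can be illustrated with a small bottom-up evaluator. This is an added example, not code from the study or from the scanner it describes; it uses Python rather than Datalog, and the facts, account names and predicate names (MEMBER, WRITE, CONTROLS, RUNS_AS) are constructed for illustration.

```python
# Constructed facts of the kind a configuration scanner would emit.
MEMBER = {("alice", "Users"), ("guest", "Guests"), ("admin", "Administrators")}
# (principal or group, resource): write permission taken from an ACL
WRITE = {("Users", "file:updater.exe"),            # the misconfiguration
         ("Administrators", "file:updater.exe"),
         ("svc_update", "reg:Backup/ImagePath"),
         ("Administrators", "reg:Backup/ImagePath")}
# (resource, service): the resource decides what code the service runs
CONTROLS = {("file:updater.exe", "Updater"),
            ("reg:Backup/ImagePath", "Backup")}
# (service, account the service runs as)
RUNS_AS = {("Updater", "svc_update"), ("Backup", "SYSTEM")}


def derive(member, write, controls, runs_as):
    """Apply one rule until no new fact appears (naive Datalog evaluation):
    acts_as(P, A) :- acts_as(P, Q), Q or one of Q's groups may write R,
                     controls(R, S), runs_as(S, A).
    """
    runs = dict(runs_as)
    acts_as = {(p, p) for p, _ in member}           # everyone acts as themselves
    while True:
        new = set()
        for p, q in acts_as:
            identities = {q} | {g for m, g in member if m == q}
            for who, res in write:
                if who not in identities:
                    continue
                for r, svc in controls:
                    if r == res and svc in runs:
                        new.add((p, runs[svc]))
        if new <= acts_as:                           # fixed point reached
            return acts_as
        acts_as |= new


def findings(member, write, controls, runs_as,
             privileged=("SYSTEM",), admins="Administrators"):
    """Principals outside the admin group that can end up as a privileged account."""
    trusted = {m for m, g in member if g == admins}
    return sorted((p, a) for p, a in derive(member, write, controls, runs_as)
                  if a in privileged and p not in trusted)


if __name__ == "__main__":
    print(findings(MEMBER, WRITE, CONTROLS, RUNS_AS))
```

The reported path takes two steps (Users to svc_update, then svc_update to SYSTEM), which a check of any single ACL in isolation would not show.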
1.2 Statement of Problem
Window access control system with access controls has historically implied a very high degree of robustness that assures that the control mechanisms resist subversion, thereby enabling them to enforce an access control policy that is mandated by some regulation that must be enforced for classified information.
For WAC, the access control decision is contingent on verifying the compatibility of the security properties of the data and the clearance properties of the individual (or the process proxying for the individual). The decision depends on the integrity of the metadata (e.g. label) that defines the security properties of the data, as well as the security clearance of the individual or process requesting access.
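The decision described above, and the contrast with DAC drawn in the introduction, can be shown as a small reference monitor. This is an added example, not code from the study: the level names, the sealing key and the use of an HMAC to protect the label are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Assumed ordering of sensitivity levels (constructed for this example).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}
# Key held only by the enforcement layer, never by users (constructed).
LABEL_KEY = b"example-label-sealing-key"


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset

    def dominates(self, other):
        """True if this label is at least as high and covers every category."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def seal(label):
    """HMAC over the label so that tampering with the metadata is detectable."""
    msg = (label.level + "|" + ",".join(sorted(label.categories))).encode()
    return hmac.new(LABEL_KEY, msg, hashlib.sha256).digest()


@dataclass
class Obj:
    name: str
    label: Label
    tag: bytes     # seal written when the administrator labelled the object
    acl: set       # discretionary part: users the owner has granted read


def may_read(user, clearance, obj):
    """Return (allowed, reason); the central policy is checked before the ACL."""
    if not hmac.compare_digest(seal(obj.label), obj.tag):
        return False, "label integrity check failed"
    if not clearance.dominates(obj.label):
        return False, "clearance does not dominate label"
    if user not in obj.acl:
        return False, "not in ACL"
    return True, "ok"


def demo():
    secret_hr = Label("secret", frozenset({"hr"}))
    doc = Obj("payroll", secret_hr, seal(secret_hr), {"alice"})
    alice = Label("secret", frozenset({"hr", "finance"}))
    bob = Label("internal", frozenset({"hr"}))
    results = [may_read("alice", alice, doc)]
    doc.acl.add("bob")                                  # owner grants access (DAC)
    results.append(may_read("bob", bob, doc))           # central policy still denies
    doc.label = Label("internal", frozenset({"hr"}))    # label changed, seal is stale
    results.append(may_read("bob", bob, doc))
    return results
```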
1.3 Aim and Objectives of Study
This project aims primarily at developing a window access control system that will help to secure the computer system's files and important documents against unauthorized access. The project also aims to develop a computerized software program that enforces user authentication and authorization for users of m-desk and thereby solves the problems derived from the fact that the DICOM standard does not specify a way to place restrictions on the resources a PACS may provide.
The project also has the ambition to simplify the administration of the m-desk.
That is, the administration regarding the set-up of the DICOM application between the m-desk and the WAC. To be able to place any restrictions on the resources provided by a WAC, the program should be located logically between the clients and the window.
1.4 Purpose of the Study
The purpose of this study is to provide and promote the level of security measures in an organization and individual household. The study is aimed at developing or designing software that will be able to guard the computer against being accessed, in such a way that intruders are not given any chance to introduce themselves to the computer system.
1.5 Significance of the Study
The design of this window access control system is expected to be a guard against any unauthorized access to computer files without adequate permission from the administrator. It will help the organization to secure its documents and files from being accessed by unknown users. This window access control system will help to restore the goodwill of clients and organizations about keeping their files and relevant documents. Organizations or individuals who prefer having their documents saved on the computer will be relieved of the fear of sabotage. The research will go a long way to alleviate the problem of fraud in financial industries. With the advent of this idea or development, files and important documents are solely secured.
1.6 Scope of the Study
This research work will concentrate on a window access control system alone. The scope is covered by developing software that will carry out the operation.
1.7 Limitations of the Study
Some of the constraints which kept me from covering this work more widely are:
1. Financial help which I needed most to carry out this project work
2. Economic uncertainty in the country
3. No access to materials related to the topic.
1.8 Organization of the Study
The research work is organized into five chapters.
Chapter one is the introduction, theoretical background, statement of the problems, objectives of the study, significance of the study, organization of the research, scope and limitations of the study and definition of terms.
Chapter two contains a review of related literature.
Chapter three is about the system design and methodology used in gathering information for the research work.
Chapter four elucidates the implementation of the system, the chapter talks about the summary, conclusion and recommendations.
1.9 Definition of Terms
Access: – This is a way or an opportunity for someone to use something either negatively or positively.
Principal: – several measurement techniques used in life science to gather data for many more variables per sample than the typical number of samples assayed.
Policy: – This is a principle or protocol to guide decision making to achieve a rational outcome. A policy is a statement of intent and is implemented as a procedure or protocol.
Security: – This is the protection of information assets through the use of technology, process and training. It is equally the degree of resistance to or protection from harm. It applies to any vulnerable and valuable asset such as a person, dwelling, community, nation or organization.
Window: – This is an operating system that is an interface or bridge between computer hardware and software. The hardware is really hard to understand; by using the software we soften things and forget about the hardness of the hardware, so the window is a user-friendly interface between computer and user.
Barkley J., (1997) “Comparing Simple Role-Based Access Control Models and Access Control Lists,” Proceeding Second ACM Workshop on Role-Based Access Control.
Bentson R., (1996) “Inside LINUX: A Look at Operating System Development,” pages 99-101, Specialized Systems Consultants, Inc., PO Box 55549 Seattle, WA 98155-0549, February.
Brewer D., and Nash M., (1989) “The Chinese Wall Security Policy,” Proc IEEE Symp Security & Privacy, IEEE Comp Social Press.
Badger, L., Sterne, D. F., Sherman, D. L., Walker, K. M., Haghighat, S. A., (1995) “Practical Domain and Type Enforcement for UNIX,” IEEE Symposium on Security and Privacy.
Cavale M., and McPherson D., (2003) “Role-Based Access Control Using Windows Server Authorization Manager,” “Role-Based Access Control for Multi-tier Applications Using Authorization Manager”, Microsoft Corporation.
Copyright © 2021 Author(s) retain the copyright of this article.
This article is published under the terms of the Creative Commons Attribution License 4.0