TRON: Process-Specific File Protection for the UNIX Operating System
                Andrew Berman, Virgil Bourassa and Erik Selberg
                 Department of Computer Science and Engineering
                            University of Washington
                               Seattle, WA  98195
The file protection mechanism provided in UNIX is insufficient for current
computing environments. While the UNIX file protection system attempts to
protect users from attacks by other users, it does not directly address the
agents of destruction: executing processes. As computing environments become more
interconnected and interdependent, there is increasing pressure and opportunity
for users to acquire and test non-secure, and possibly malicious, software.
We introduce TRON, a process-level discretionary access control system for UNIX.
TRON allows users to specify capabilities for a process' access to individual
files, directories, and directory trees. These capabilities are enforced by
system call wrappers compiled into the operating system kernel. No privileged
system calls, special files, system administrator intervention, or changes to
the file system are required. Existing UNIX programs can be run without
recompilation under TRON-enhanced UNIX. Thus, TRON improves UNIX security while
maintaining current standards of flexibility and openness.
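
The per-process check described above, as an added example that is not from the paper or from TRON's kernel code: a wrapper-style decision function that grants access only when a capability scoped to a file, a directory's entries, or a whole directory tree covers the path. The right names, scope names, struct layout and sample paths are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Assumed names: this models the idea in the abstract, not TRON's interface. */
enum { CAP_READ = 1, CAP_WRITE = 2 };
typedef enum { SCOPE_FILE, SCOPE_DIR, SCOPE_TREE } scope_t;
struct cap { const char *path; scope_t scope; int rights; };

/* Constructed sample domain for one untrusted process. */
static const struct cap SAMPLE[] = {
    { "/home/u/proj", SCOPE_TREE, CAP_READ | CAP_WRITE },
    { "/usr/lib",     SCOPE_DIR,  CAP_READ },
    { "/etc/passwd",  SCOPE_FILE, CAP_READ },
};

/* Accept only absolute paths with no empty, "." or ".." components; a real
   kernel check would work on the resolved file, which this model skips. */
static int normalized(const char *p) {
    if (p[0] != '/') return 0;
    while (*p) {
        const char *s = ++p;                 /* first char after the '/' */
        while (*p && *p != '/') p++;
        size_t len = (size_t)(p - s);
        if (len == 0 || (s[0] == '.' && (len == 1 || (len == 2 && s[1] == '.'))))
            return 0;
    }
    return 1;
}

static int covers(const struct cap *c, const char *p) {
    size_t n = strlen(c->path);
    if (c->scope == SCOPE_FILE) return strcmp(c->path, p) == 0;
    /* Match on a component boundary: "/home/u/proj" must not cover
       "/home/u/project". Only entries below the directory are covered. */
    if (strncmp(c->path, p, n) != 0 || p[n] != '/') return 0;
    return c->scope == SCOPE_TREE || strchr(p + n + 1, '/') == NULL;
}

/* Default deny: allow only if one capability covers p and grants all of want. */
int domain_allows(const struct cap *caps, size_t n, const char *p, int want) {
    if (!normalized(p)) return 0;
    for (size_t i = 0; i < n; i++)
        if (covers(&caps[i], p) && (caps[i].rights & want) == want) return 1;
    return 0;
}

int main(void) {
    puts(domain_allows(SAMPLE, 3, "/home/u/.ssh/id_rsa", CAP_READ) ? "allow" : "deny");
    return 0;
}
```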
