An objectbase schema evolution approach to Windows NT security
Jayapalan, Raj Kumar
A security model s ould be designed in such a way that it is transparent to the users, and at the same time easy to maintain and manage even if a very complex security model is required to ensure its proper functions. Schema evolution on the other hand is the timely change of the schema and the consistent management of these changes. Dynamic schema evolution (DSE) is the management of the schema changes while a system is in operation. The various schema evolution operations are similar to the security management operations. Thus this thesis proposes a new security model based on DSE that provides a flexible set of operations that will make security management easier and more understandable. Windows NT is chosen as the test platform and the model is implemented on it The current security model for the Windows NT operating system is powerful and offers many valuable features. The User Manager provided by Windows NT is the primary method for the provision of security maintenance. Our system supports the following features in addition to those currently available on Windows NT. (1) An object-oriented hierarchy, so roles and groups can be supported in a more automated way. (2) A more intuitive user interface so the administrative errors are less likely to be problematic. (3) Simplified security management on a Windows NT platform. (4) Avoids unnecessary creation of objects (users/group) and redundant granting/revoking of privileges. One of the nicest features of the proposed security model is that both the system and the User Manager can operate together. Thus with the proposed model, the maintenance of the security model becomes much easier and more efficient.