Title: Privacy analysis and enhancements for data sharing in *nix systems

Authors: Aameek Singh, Ling Liu, Mustaque Ahamad

Addresses: Storage Systems, IBM Almaden Research Center, 650 Harry Road, San Jose, CA – 95120, USA. ' College of Computing, Georgia Insitute of Technology, 801 Atlantic Drive, Atlanta, GA – 30332, USA. ' College of Computing, Georgia Insitute of Technology, 801 Atlantic Drive, Atlanta, GA – 30332, USA.

Abstract: In this paper, we analyse the data sharing mechanisms of *nix systems and identify an immediate need for better privacy support. For example, using a simple insider attack we were able to access over 84 GB of private data at one organisation of 825 users, including 300 000 e-mails and 579 passwords to financial and other private services websites, without exploiting any technical vulnerability. We present two solutions to address this problem: 1. an administrative auditing tool which can alert administrators and users when their private data is at risk; 2. a new View Based Access Control (VBAC) mechanism which provides stronger and yet convenient privacy support. We also describe a proof-of-concept filesystem-based implementation and performance analysis of VBAC. Our evaluations with three well-known filesystem benchmarks show little overhead of using VBAC.

Keywords: unix privacy; private data sharing; access control; view based access control; VBAC; information security.

DOI: 10.1504/IJICS.2008.022489

International Journal of Information and Computer Security, 2008 Vol.2 No.4, pp.376 - 410

Published online: 09 Jan 2009 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article