Files are accessed by a user through either the command line or the GUI. If the file is not an executable (a program/application), another piece of software is required to open it. In Chapter 1, Classifying Threats, confidentiality was discussed. In order to maintain confidentiality, it is important for the operating system to control who has permission to access each file.
For single user files, this can be done by having user areas. In order to access a different user's area, the user would have to log out and log in as the other user. This makes collaboration very difficult, and therefore business – and increasingly home – settings need a different system of control.
In Windows Server environments, Management of Access Control in the Enterprise (MACE) is used to classify files and control access. MACE combines data collection with data visualization so that an administrator gets a representation of who has access to what over the network. The data collection element discovers the server's effective permissions on folders, shared drives, and File Classification Infrastructure (FCI) files, as well as group and user information from Active Directory. This allows MACE to understand which users have access to which files and folders.
Windows uses a series of Access Control Lists (ACL), which grant or limit access based on the individual user ID, groups, and roles. The CEO's personal assistant, for example, would sit in the admin's group, but would still require access to exec documents. It doesn't make sense to allow him/her to be an exec, nor to allow all the admin group access to exec documents. The ACL may, therefore, be broadly group/role-based, and then a specific exception can be made for the user. The following screenshot shows the MACE visualization of the users and groups who have access to the TestResearchServer1AreasResources folder. Notice that access control is at the group-based and user-based access levels:
In Linux, ACLs may also be used. However, most systems don't operate ACLs, and instead use traditional Unix permissions. This is often referred to as owner-group-world and is not as granular as ACLs. Each file specifies what users can do (read, write, or execute) depending on what group they belong to (owner, group, or world). When listed with the ls command, as in the following table, the symbolic notation has an additional character (and the numeric notation has an additional number) which relates to the file type –this is not related to permissions. In symbolic notation, there are three values (rwx) which are given to owner, group, and world in turn. In numeric notation, there is a file type number, and then a single number each for owner, group, and world. A read bit adds 4 to the total, the write bit adds 2, and the execute bit adds 1. The digit is therefore limited to values between 0 and 7:
| Symbolic notation | Numeric notation | English |
| ---------- | 0000 | No permission |
| -rwx------ | 0700 | The file owner can read, write, and execute; no one else has any permission |
| -rwxrwx--- | 0770 | The file owner and group can read, write, and execute; others have no permission |
| -rwxrwxrwx | 0777 | Anyone can read, write, and execute |
| ---x--x--x | 0111 | Anybody can execute |
| --w--w--w- | 0222 | Anybody can write |
| --wx-wx-wx | 0333 | Anybody can write and execute |
| -r--r--r-- | 0444 | Anyone can read |
| -r-xr-xr-x | 0555 | Anyone can read and execute |
| -rw-rw-rw- | 0666 | Anyone can read and write |
| -rwxr----- | 0740 | The owner can read, write, and execute; the group can only read; others have no permissions |
The following screenshot shows the output from the Linux ls command. The -a argument denotes all, including hidden files, while the -l argument denotes long list format, which shows things such as file size and permissions. When multiple option arguments (for example, -a and -l) are used on the same process, they can be written with a single hyphen (-) sign, as shown (that is, -al specifies both -a and -l). Notice the symbolic notation associated with each file; mm.sh is executable by anybody, whereas raspberry.sh is only executable by the owner. Notice that all of the folders (denoted by the d on the left-hand side) are 4,096 bytes in length, reflecting a 4 k-sector instead of a 512-byte sector:
Once a user's credentials have been verified, the relevant application or process allocates the file to memory. As programs and files increase in size, they become too large to be held in RAM. Operating systems can use mass storage (for example, HDD/SSD) space to extend RAM capacity. In Windows, this memory is called virtual memory and in Linux it is called swap. This can either be a swap partition (a completely separate disk space which is only used for swap), or a (series of) swap file(s). Swap files are created on the same partition as other system and user files, and so they can be allocated and extended by the user, rather than our having to create or extend a disk partition.
Windows has a number of different methods for generating and allocating virtual memory, as described in the following table:
| Memory allocation function | Description and usage |
| VirtualAlloc |
|
| HeapAlloc |
|
| LocalAlloc |
|
| CoTaskMemAlloc |
|
Each memory allocation method has advantages and disadvantages, so the choice of which to use is dependent on the application and what functionality is required of the page file/virtual memory allocation.