Modern operating systems drive many of today's technology-based innovations by offering a platform for both hardware and software development while serving many diverse needs. These systems have evolved from simpler file management systems to more complex workstations that provide high-end performance at reasonable cost. Such systems often include, for example, multi-processing architectures, high-speed memory, advanced peripheral devices, a variety of system libraries and components to aid software development, and intricate, interleaved bus architectures. At the heart of these systems are sophisticated operating systems that manage not only computer-related hardware but also a vast array of software components having various relationships. These components are often described in terms of objects or classes having multi-tiered relationships, such as the hierarchical tree arrangement of files and directories found in many data management systems.
Emerging technologies have spawned other types of structures and models for storing and managing objects within a database. These include hierarchical structures such as containment hierarchies, which enable multiple relationships between respective items or objects. Such hierarchies are often modeled as a Directed Acyclic Graph (DAG) and support multiple path relationships to an item from a root node of the containment hierarchy. Regardless of the type of data structure involved, however, security models have been applied to these systems to determine and facilitate how entities (e.g., users or other components) are permitted access to objects or items residing in the respective structures.
In many respects, current security models limit the effectiveness of operating systems to manage data both securely and efficiently. For example, one security model implements security by associating an Access Control List (ACL) with every file or directory in a hierarchy. An inheritance model then provides support for specifying a default ACL for newly created items in a directory, but if the ACL on a directory is subsequently changed, the files and folders contained in the hierarchy under that directory are not automatically updated. Also, ACLs specified at any directory can be propagated using higher-level APIs, for example. Consequently, every item can override security policy above it and specify an ACL at its level that either explicitly blocks further inheritance from above, or merely re-inherits when a newly created ACL propagates down the hierarchy. Unfortunately, at a volume level, since there is no single place where these different security policies are tracked (they are generally tracked per-item), it is exceedingly difficult if not impossible to determine a resultant security policy at that level.
As mentioned above, if a new ACL is specified at a directory, it can be propagated down the hierarchy, but this usually entails running operations on every file and directory in that hierarchy. For significantly large volumes, this can take an inordinate amount of time. It is noted that even single-instancing ACLs does not alleviate this issue, since single-instancing occurs regardless of containment paths. Thus, if two hierarchies happened to have the same ACL on their contained items, and if policy on one of them changed, it would be incorrect to simply update the single-instance table, since that would change the policy on the other hierarchy as well.
Other problems with current security models involve the presence of hard links between items, which present semantic problems when considered in conjunction with ACL inheritance. For example, when an Item is created under a Folder1, it receives a default ACL1 from Folder1. Creation of a subsequent link to the Item from a Folder2 does not change the security. However, if a new ACL3 on Folder2 is applied to its hierarchy, it changes the ACL on the Item as well. Subsequently, if a new ACL is applied on Folder1, it then inherits down to the Item. Consequently, who or whatever happens to write last overwrites the existing inherited ACLs. This type of security arrangement is at least confusing and more often unpredictable, which is highly undesirable.
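The Folder1/Folder2 hard-link case above, together with the per-item propagation cost from the preceding paragraph, as an added Python sketch that is not part of the original text. The `Node` model, the function names and the labels ACL2 and ACL4 are assumptions made for illustration.

```python
# Constructed model, not the page's system: every node stores its own ACL and
# a folder-level change is pushed down by rewriting each contained node.
class Node:
    def __init__(self, name, acl=None):
        self.name = name
        self.acl = acl        # per-item ACL, tracked on the item itself
        self.children = []    # containment edges; a hard link adds a second parent

def create(parent, name):
    """A new item receives the parent's current ACL as its default."""
    child = Node(name, parent.acl)
    parent.children.append(child)
    return child

def hard_link(folder, item):
    """Add another containment path; the item's stored ACL is left unchanged."""
    folder.children.append(item)

def apply_acl(folder, acl):
    """Set an ACL on a folder and propagate it down; return nodes rewritten."""
    touched, stack, seen = 0, [folder], set()
    while stack:
        node = stack.pop()
        if id(node) in seen:      # a linked item is reachable by several paths
            continue
        seen.add(id(node))
        node.acl = acl
        touched += 1
        stack.extend(node.children)
    return touched

def scenario(order):
    """Replay the Folder1/Folder2 case; return the Item's ACL after each step."""
    # "ACL2" (Folder2's initial ACL) and "ACL4" (the later ACL on Folder1)
    # are assumed labels; the text names only ACL1 and ACL3.
    folder1, folder2 = Node("Folder1", "ACL1"), Node("Folder2", "ACL2")
    item = create(folder1, "Item")
    history = [item.acl]
    hard_link(folder2, item)
    history.append(item.acl)
    changes = {"Folder2": (folder2, "ACL3"), "Folder1": (folder1, "ACL4")}
    for name in order:
        apply_acl(*changes[name])
        history.append(item.acl)
    return history

if __name__ == "__main__":
    print(scenario(["Folder2", "Folder1"]))  # order described in the text
    print(scenario(["Folder1", "Folder2"]))  # same changes, reversed order
```

The same two policy changes leave the Item with a different effective ACL depending only on which folder was written last, and each change rewrites every node under the folder.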