In computing systems, security has become more and more important. Most organizations or companies operate upon computing systems such as file systems. However, unauthorized users can attempt illegal operations or accesses to the systems. For example, in a company, certain confidential files cannot be viewed or edited by all employees. The company needs a security mechanism to restrict access to the certain files to only authorized employees (e.g., employees with a manager position or higher). In addition, the company can also need to restrict allowable file operations based on the user requested the operation. For example, a manager can be limited to “view” operations, whereas a vice-president can perform edit operations.
In some situations, restriction to programs utilized by users to access files is needed as well. For example, organizations or companies can prevent users from using an untrusted program to perform operations on certain important files. Therefore, a mechanism for preventing untrusted programs from operating on certain files is also needed.