| To protect user data and system resources from unauthorized access, modern file systems often equip themselves with various security mechanisms such as access control and data encryption. However, due to the diversity of operating platforms, file systems, and network configurations, such security attributes (of a file) can be lost during data transmission, which can result in potential data leakage. This problem is particularly acute in data backup and restoration, because the loss of security attributes not only exposes data to the danger of unauthorized access, but also leads to security policy breach in the original system after a restoration. The result: unpredictability!To tackle the aforementioned problem, this paper investigates various methods for preserving file security attributes across different file systems and operating platforms. In particular, we propose the policies of attributes backup and attributes mapping as the solution to preserve NTFS file security attributes in a heterogeneous environment. The techniques for implementing the policies are ACL preservation copy and $EFS preservation copy, which can retain file security attributes across NTFS and FAT32 systems. Depending on the target file system and the network environment, our scheme dynamically switches among direct data copy, ACL preservation copy, $EFS preservation copy to ensure automated and smooth preservation of security attributes. Compared to traditional file copy, our scheme can indeed preserve security attributes of the original file/folders and provide effective protection for data transmission across different platforms.Finally, the paper also discusses how to preserve NTFS security attributes in Linux Ext3 system. By mapping NTFS security attributes to Linux extended attributes, we are able to implement a lossless backup and restoration scheme for EFS-encrypted files in Linux environment. |
PDF Full Text Request