Protection in File System

The file system is defined as the process of storing the user’s data in the computer operating system. This data can be stored in primary memory or secondary memory devices to store and retrieve information. The File is represented in terms of bits, bytes, or any records that can be defined by the author of the file. Each file has a logical address or location which is used for storing and retrieval process. Without the use of an organized hierarchy in file directories, selecting an individual file that is isolated is a tedious task from the user's end.

File system configuration varies based on the operating system like MacOS, Windows, or Unix systems. Protection of files has to provide by the administrator of the system in terms of a multiuser environment or single author to secure the information saved in the file system from unauthorized or illegal access and any physical damage that occurs on the devices.

File system follows a hierarchical tree structure, where the files are arranged in a directory or folder and contain details about themselves which are called metadata. Metadata contents include file creation date, last modified date, access permission, last access date, author name, and file size. Storing of metadata differs in Windows and UNIX operating systems

Access methods

When a single user uses the file system, providing security factors is quite an easier task but when multiple users access the file system then security mechanisms are to be used to provide better protection to the data. File systems can face a few hardware crashes due to any physical damage or excess heat etc. under these circumstances proper configuration has to be predefined for the backup of the user data.

Access to the file system containing user information can be given to a single or group of users. When data is shared among many employees in an organization, then partial or complete access is provided to the employees based on the level of sensitivity of the shared data.

The access methods are done in three ways to read and store the data into the memory unit.

Sequential method

In this method, the user records are stored and accessed in a predefined sequential order and processing takes place one after the other which is used by most of the compilers.

Index sequential method

In this approach, each file has an index with a pointer pointing to the memory blocks. When the search is made using the index value then the corresponding file is searched sequentially and the pointer brings the file location to the user.

Random method

Based on the address allocated for each file record, the user can search for the record by knowing its address and can perform read or write operations on the file.

Approaches for file protection

The access mechanism can be controlled based on the operations made by the users or employer to the data and those operations include read, write, execute, append, delete, and list. The owner of the file has full rights to control what operations can be done to the file and who has the right to perform it.

Below are the various protection methods that can be applied to the files located in the system −

• Enabling password protection to a group of users to restrict read and write operations

• Using encryption techniques, file access can be restricted. Only the authorized person who has the correct key can decrypt the file and use the data in it. This feature adds security to the confidential data in a single or multi-user environment. There may be chances for a hacker to get knowledge of the encryption algorithm used with sufficient keys to decrypt the files. So, in this case, proper auditing should be done at regular intervals to prevent any hackers from intruding into the process.

• Fingerprints, multi-factor authentication, setting the username and password combinations, using cards, etc. are practical approaches to protect data against illegal access.

• An access control list has to be specified for every file record stored in the database of the operating system. This list provides who are the users and what operations are allowed for accessing the files. These provide privileges to users in reading data from a single file or a directory, writing some new data to the opened file, and executing it.

Access control list

Each ACL list contains two parameters such as subject (whom to grant access to) and operation (what operations are allowed) for users. Consider an example ACL of a file object which has (John: read; Bob: write, execute) this implies John can only read the file whereas Bob can perform write and execute operations. Accessing the files listed with ACL has three modes of access permissions read, write, and execute.

Three classes of users are categorized based on the access level and they are −

Owner or author

The owner of the file who created it has full access permissions to perform all three modes (read, write, and execute) can be represented as RWX

Group users

Permissions that are given for some specific groups usually for reading, writing, and not for executing the files. This can be reconfigured based on the security factors and level of data access.

Public users

All other users come under public division, file permissions needed to be assigned carefully as it is open to the public, and providing full access permission may lead to security threats.

Conclusion

File protection techniques can be implemented based on the environment where security is needed in single or multi-user systems. The above approaches provide security measures in each layer of the data, that is stored in the directory of the file system and it may prevent illegal access to confidential information. Choosing the right type of file-protecting method depends on the owner or group of users in an organization to protect their data against any security attacks.