4th USENIX Conference on File and Storage TechnologiesAbstract
Pp. 169182 of the Proceedings
A Security Model for Full-Text File System
Search in Multi-User Environments
Stefan Büttcher and Charles L. A. Clarke, University of Waterloo
Most desktop search systems maintain per-user indices
to keep track of file contents. In a multi-user environment,
this is not a viable solution, because the same file
has to be indexed many times, once for every user that
may access the file, causing both space and performance
problems. Having a single system-wide index for all
users, on the other hand, allows for efficient indexing but
requires special security mechanisms to guarantee that
the search results do not violate any file permissions.
We present a security model for full-text file system
search, based on the UNIX security model, and discuss
two possible implementations of the model. We show
that the first implementation, based on a postprocessing
approach, allows an arbitrary user to obtain information
about the content of files for which he does not
have read permission. The second implementation does
not share this problem. We give an experimental performance
evaluation for both implementations and point out
query optimization opportunities for the second one.
- View the full text of this paper in HTML and PDF.
Until December 2006, you will need your USENIX membership identification in order to access the full papers. The Proceedings are published as a collective work, © 2005 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.