Security Policy Enforcement at the File System Level in the Windows NT Operating System Family

This paper describes the implementation of an enforcement module for file system security implemented as part of a security architecture for distributed systems which enforces a centrally administered security policy under the Windows NT operating system platform. The mechanism provides mandatory access control, encryption, and auditing on an individual file basis across distributed systems while being fully transparent to both users and application programs and functioning regardless of the type of file system or its attachment mechanism.