Mandatory access control
In computer security, mandatory access control (MAC) refers to a type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target. In practice, a subject is usually a process or thread; objects are constructs such as files, directories, TCP/UDP ports, shared memory segments, etc. Subjects and objects each have a set of security attributes. Whenever a subject attempts to access an object, an authorization rule enforced by the operating system kernel examines these security attributes and decides whether the access can take place. Any operation by any subject on any object will be tested against the set of authorization rules (also known as the policy) to determine if the operation is allowed. A database management system, in its access control mechanism, can also apply mandatory access control; in this case, the objects are tables, views, procedures, etc.

With mandatory access control, this security policy is centrally controlled by a security policy administrator; users do not have the ability to override the policy and, for example, grant access to files that would otherwise be restricted. By contrast, discretionary access control (DAC), which also governs the ability of subjects to access objects, allows users the ability to make policy decisions and/or assign security attributes. (The traditional Unix system of users, groups, and read-write-execute permissions is an example of DAC.) MAC-enabled systems allow policy administrators to implement organization-wide security policies. Unlike with DAC, users cannot override or modify this policy, either accidentally or intentionally. This allows security administrators to define a central policy that is guaranteed (in principle) to be enforced for all users.

Historically, MAC has been closely associated with multi-level secure (MLS) systems. The Trusted Computer System Evaluation Criteria (TCSEC), the seminal work on the subject, often referred to as the "Orange Book", defines MAC as "a means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (i.e., clearance) of subjects to access information of such sensitivity". Early implementations of MAC such as Honeywell's SCOMP, USAF SACDIN, NSA Blacker, and Boeing's MLS LAN focused on MLS to protect military-oriented security classification levels with robust enforcement. Originally, the term MAC denoted that the access controls were not only guaranteed in principle, but in fact. Early security strategies enabled enforcement guarantees that were dependable in the face of national-lab-level attacks.

More recently, with the advent of implementations such as SELinux (incorporated into Linux kernels from 2.6) and Mandatory Integrity Control (incorporated into Windows Vista and newer), MAC has started to become more mainstream and is evolving out of the MLS niche. These more recent MAC implementations have recognized that the narrow TCSEC definition, focused as it was on MLS, is too specific for general use. These implementations provide more depth and flexibility than earlier MLS-focused implementations, allowing (for example) administrators to focus on issues such as network attacks and malware without the rigor or constraints of MLS systems.

Implications of the term mandatory

In the context of MLS, the term mandatory used with access controls has historically implied a very high degree of robustness that assures that the control mechanisms resist subversion, thereby enabling them to enforce an access control policy that is mandated by some regulation that must be absolutely enforced, such as Executive Order 12958 for US classified information.

For MAC, the access control decision is contingent on verifying the compatibility of the security properties of the data and the clearance properties of the individual (or the process proxying for the individual). The decision depends on the integrity of the metadata (e.g. label) that defines the security properties of the data, as well as the security clearance of the individual or process requesting access. For example, if a security label can be changed by a user, a surprisingly common vulnerability in some self-proclaimed 'MAC capable' systems, then that user can corrupt the access controls. Security mechanisms that protect such metadata and the access control decision logic from corruption are MAC-critical objects and require appropriate robustness.
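As an added illustration (not code from the article or from any product), a toy reference monitor in Python that makes the decision described above: the subject's clearance is compared with the object's sensitivity label, and the labels are kept in a table that only the policy administrator may change, so an ordinary subject cannot downgrade a label to gain access. The lattice rules (read requires the clearance to dominate the label; write requires the label to dominate the clearance), the level names and the compartment names are assumptions used for the example.

```python
"""Toy MLS reference monitor: sensitivity labels, clearances and label integrity.

Added illustration, not code from the article. The lattice rules (read requires
the subject's clearance to dominate the object's label; write requires the object's
label to dominate the subject's clearance) are the usual MLS conventions and are an
assumption here; level names and compartments are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self >= other in the lattice: higher-or-equal level and a superset of compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


class ReferenceMonitor:
    """Holds labels and clearances in tables that only the monitor itself may change.

    Subjects are processes identified by pid. The policy administrator is a
    distinguished subject (pid 0, an assumption) and the only one allowed to
    relabel objects; an ordinary subject's attempt to relabel is refused, which is
    the property the article says some 'MAC capable' systems lack.
    """

    def __init__(self, admin_pid: int = 0):
        self.admin_pid = admin_pid
        self._clearance: Dict[int, Label] = {}  # pid -> clearance
        self._labels: Dict[str, Label] = {}     # object name -> sensitivity label

    def add_subject(self, pid: int, clearance: Label) -> None:
        self._clearance[pid] = clearance

    def add_object(self, name: str, label: Label) -> None:
        self._labels[name] = label

    def check(self, pid: int, obj: str, op: str) -> bool:
        """Decide one access request; every operation is routed through here."""
        clearance, label = self._clearance[pid], self._labels[obj]
        if op == "read":
            return clearance.dominates(label)   # no read-up
        if op == "write":
            return label.dominates(clearance)   # no write-down
        raise ValueError(f"unknown operation {op!r}")

    def relabel(self, pid: int, obj: str, new_label: Label) -> bool:
        """Only the policy administrator may change a label; users cannot."""
        if pid != self.admin_pid:
            return False
        self._labels[obj] = new_label
        return True


def demo() -> Dict[str, bool]:
    """Constructed scenario: a SECRET-cleared process, a TOP SECRET file and a public file."""
    rm = ReferenceMonitor()
    rm.add_subject(1, Label("SECRET", frozenset({"CRYPTO"})))
    rm.add_object("plans.txt", Label("TOP_SECRET", frozenset({"CRYPTO"})))
    rm.add_object("readme.txt", Label("UNCLASSIFIED"))
    return {
        "read_top_secret": rm.check(1, "plans.txt", "read"),     # denied: read-up
        "write_top_secret": rm.check(1, "plans.txt", "write"),   # allowed: write-up
        "read_public": rm.check(1, "readme.txt", "read"),        # allowed
        "write_public": rm.check(1, "readme.txt", "write"),      # denied: write-down
        # the user tries to downgrade the TOP SECRET file in order to read it: refused
        "user_relabel": rm.relabel(1, "plans.txt", Label("UNCLASSIFIED")),
        "read_after_failed_relabel": rm.check(1, "plans.txt", "read"),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:28s} {'ALLOW' if allowed else 'DENY'}")
```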

The term mandatory in MAC has acquired a special meaning derived from its use with military systems. MAC means access controls that are mandated by order of a government, and so enforcement is supposed to be more imperative than for commercial applications. This precludes enforcement by best-effort mechanisms; only mechanisms that can provide absolute, or near-absolute, enforcement of the mandate are acceptable for MAC. This is a tall order, sometimes assumed unrealistic by those unfamiliar with high assurance strategies, and very difficult for those who are.

Vendors claiming to enforce MAC are sometimes making claims beyond their capability, and sometimes making claims beyond their understanding. The claim that MAC is enforced implies a claim of very high robustness. Vendors claiming MAC capability do usually have functions that enable defining MAC privileges and rules, but their implementations can be woefully unable to enforce them under even the mildest of attack. Ordinary 'best practices' do not produce software that has this kind of assurance level; in fact, no successful software-only approach has ever been documented. The only approach that has succeeded at protecting MAC controls from subversion has been to design the kernel to maintain a domain for its own execution using highly specialized hardware designed into the microprocessor architecture. Besides its cost, this is often unpopular because it affects portability of the operating system.

Degrees of MAC system strength

In some systems users have the authority to decide whether to grant access to any other user. To allow that, all users have clearances for all data. This is not necessarily true of a MAC system. If individuals or processes exist that may be denied access to any of the data in the system environment, then the system must be trusted to enforce MAC. Since there can be various levels of data classification and user clearances, this implies a quantified scale for robustness. For example, more robustness is indicated for system environments containing classified Top Secret information and uncleared users than for one with Secret information and users cleared to at least Confidential. To promote consistency and eliminate subjectivity in degrees of robustness, an extensive scientific analysis and risk assessment of the topic produced a landmark benchmark standardization quantifying security robustness capabilities of systems and mapping them to the degrees of trust warranted for various security environments. The result was documented in CSC-STD-004-85. Two relatively independent components of robustness were defined: Assurance Level and Functionality. Both were specified with a degree of precision that warranted significant confidence in certifications based on these criteria.

Evaluation of MAC system strength

The Common Criteria is based on this science and intended to preserve the Assurance Level as EAL levels and the functionality specifications as Protection Profiles. Of these two essential components of objective robustness benchmarks, only EAL levels were faithfully preserved. In one case, TCSEC level C2 (not a MAC capable category) was fairly faithfully preserved in the Common Criteria, as the Controlled Access Protection Profile (CAPP). Multilevel security (MLS) Protection Profiles (such as MLSOSPP, similar to B2) are more general than B2. They are pursuant to MLS, but lack the detailed implementation requirements of their Orange Book predecessors, focusing more on objectives. This gives certifiers more subjective flexibility in deciding whether the evaluated product's technical features adequately achieve the objective, potentially eroding consistency of evaluated products and making it easier to attain certification for less trustworthy products. For these reasons, the technical details of the Protection Profile are critical to determining the suitability of a product.

Such an architecture prevents an authenticated user or process at a specific classification or trust level from accessing information, processes, or devices in a different level. This provides a containment mechanism for users and processes, both known and unknown (an unknown program, for example, might be an untrusted application whose accesses to devices and files the system should monitor and/or control).

Implementations

A few MAC implementations, such as Unisys' BLACKER project, were certified robust enough to separate Top Secret from Unclassified late in the last millennium. Their underlying technology became obsolete and they were not refreshed. Today there are no current implementations certified by TCSEC to that level of robust implementation. However, some less robust products exist.
  • Amon Ott's RSBAC (Rule Set Based Access Control) provides a framework for Linux kernels that allows several different security policy / decision modules. One of the models implemented is the Mandatory Access Control model. A general goal of the RSBAC design was to try to reach the (obsolete) Orange Book (TCSEC) B1 level. The model of mandatory access control used in RSBAC is mostly the same as in Unix System V/MLS, Version 1.2.1 (developed in 1989 by the National Computer Security Center of the USA with classification B1/TCSEC). RSBAC requires a set of patches to the stock kernel, which are maintained quite well by the project owner.

  • An NSA research project called SELinux added a Mandatory Access Control architecture to the Linux kernel, which was merged into the mainline version of Linux in August 2003. It utilizes a Linux 2.6 kernel feature called LSM (Linux Security Modules interface). Red Hat Enterprise Linux version 4 (and later versions) come with an SELinux-enabled kernel. Although SELinux is capable of restricting all processes in the system, the default targeted policy in RHEL confines the most vulnerable programs from the unconfined domain in which all other programs run. RHEL 5 ships two other binary policy types: strict, which attempts to implement least privilege, and MLS, which is based on strict and adds MLS labels. RHEL 5 contains additional MLS enhancements and received two LSPP/RBACPP/CAPP/EAL4+ certifications in June 2007.

  • TOMOYO Linux is a lightweight MAC implementation for Linux and Embedded Linux, developed by NTT Data Corporation. It was merged into the mainline Linux kernel in version 2.6.30 (June 2009). Unlike the label-based approach used by SELinux, TOMOYO Linux performs pathname-based Mandatory Access Control, separating security domains according to process invocation history, which describes the system behavior. Policies are described in terms of pathnames. A security domain is simply defined by a process call chain, and represented as a string. There are four modes: disabled, learning, permissive, enforcing. Administrators can assign different modes to different domains. TOMOYO Linux introduced the "learning" mode, in which accesses that occur in the kernel are automatically analyzed and stored to generate MAC policy; this mode can be used as a first step in policy writing, making the policy easy to customize later.
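As an added illustration of the domain and mode scheme described in this item (not TOMOYO's own code, and not its policy syntax), the Python model below treats a domain as the process call chain rendered as a string, gives each domain one of the four modes, and in learning mode records observed accesses into the policy instead of deciding on them. The domain strings, pathnames and access sequence are constructed for the example.

```python
"""Toy pathname-based, domain-based MAC engine in the style the article attributes to TOMOYO.

Added illustration, not TOMOYO's code or its policy syntax. A domain is the process
invocation history as a single string; each domain has one of the four modes named in
the text; 'learning' mode records accesses into the policy rather than denying them.
Domain strings, pathnames and the access sequence are constructed sample data.
"""
from typing import Dict, List, Set, Tuple

DISABLED, LEARNING, PERMISSIVE, ENFORCING = "disabled", "learning", "permissive", "enforcing"
MODES = (DISABLED, LEARNING, PERMISSIVE, ENFORCING)


class DomainPolicy:
    def __init__(self) -> None:
        self.mode: Dict[str, str] = {}                    # domain -> mode
        self.rules: Dict[str, Set[Tuple[str, str]]] = {}  # domain -> {(op, pathname)}
        self.log: List[str] = []                          # what an administrator reviews

    @staticmethod
    def domain_of(call_chain: List[str]) -> str:
        """The same binary started from a different parent lands in a different domain."""
        return " ".join(["<kernel>"] + call_chain)

    def set_mode(self, domain: str, mode: str) -> None:
        if mode not in MODES:
            raise ValueError(f"unknown mode {mode!r}")
        self.mode[domain] = mode

    def access(self, call_chain: List[str], op: str, path: str) -> bool:
        """Decide (or learn) one pathname access for the domain of this call chain."""
        domain = self.domain_of(call_chain)
        mode = self.mode.get(domain, DISABLED)
        allowed_by_policy = (op, path) in self.rules.get(domain, set())
        if mode == DISABLED:
            return True
        if mode == LEARNING:
            # Record the access so the generated policy can be reviewed and tightened later.
            self.rules.setdefault(domain, set()).add((op, path))
            return True
        if mode == PERMISSIVE:
            if not allowed_by_policy:
                self.log.append(f"would deny: {domain} {op} {path}")
            return True
        if not allowed_by_policy:                          # ENFORCING
            self.log.append(f"denied: {domain} {op} {path}")
        return allowed_by_policy


def demo() -> Dict[str, object]:
    """Learn a web server's accesses, switch to enforcing, then test the resulting policy."""
    pol = DomainPolicy()
    chain = ["/usr/sbin/httpd"]
    domain = pol.domain_of(chain)
    pol.set_mode(domain, LEARNING)
    pol.access(chain, "read", "/var/www/html/index.html")   # learned
    pol.access(chain, "read", "/etc/httpd/httpd.conf")      # learned
    pol.set_mode(domain, ENFORCING)
    learned_ok = pol.access(chain, "read", "/etc/httpd/httpd.conf")
    unlearned = pol.access(chain, "read", "/home/alice/notes.txt")   # never learned
    # Same binary, different invocation history: a separate domain with an empty policy.
    other = ["/bin/bash", "/usr/sbin/httpd"]
    pol.set_mode(pol.domain_of(other), ENFORCING)
    other_denied = pol.access(other, "read", "/etc/httpd/httpd.conf")
    return {"domain": domain, "rule_count": len(pol.rules[domain]),
            "learned_ok": learned_ok, "unlearned": unlearned,
            "other_domain": other_denied, "log": pol.log}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```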

  • SUSE Linux (supported by Novell) and Ubuntu 7.10 have added a MAC implementation called AppArmor. AppArmor utilizes a Linux 2.6 kernel feature called LSM (Linux Security Modules interface). LSM provides a kernel API that allows modules of kernel code to govern access control. AppArmor is not capable of restricting all programs and is merged into the mainline Linux kernel as of version 2.6.36. In most Linux distributions MAC is not installed.

  • grsecurity is a patch for the Linux kernel providing a MAC implementation (precisely, it is an RBAC implementation). Compared to SELinux and AppArmor, grsecurity is not implemented by default in any Linux distribution except for the Tor-ramdisk micro Linux distribution. Hardened Gentoo offers a pre-patched kernel with grsecurity. grsecurity also disables the kernel LSM API. Despite LSM being developed as a security API, LSM provides hooks that could be used by rootkits.

  • Microsoft: Starting with Windows Vista and Server 2008, Windows incorporates Mandatory Integrity Control, which adds Integrity Levels (IL) to processes running in a login session. MIC restricts the access permissions of applications that are running under the same user account and which may be less trustworthy. Five integrity levels are defined: Low, Medium, High, System, and Trusted Installer. Processes started by a regular user gain a Medium IL; elevated (UAC) processes have High IL. While processes inherit the integrity level of the process that spawned them, the integrity level can be customized on a per-process basis: e.g. IE7 and downloaded executables run with Low IL. Windows controls access to objects based on ILs, and also uses them to define the boundary for window messages via User Interface Privilege Isolation. Named objects, including files, registry keys or other processes and threads, have an entry in the ACL governing access to them that defines the minimum IL of the process that can use the object. MIC enforces that a process can write to or delete an object only when its IL is equal to or higher than the object's IL. Furthermore, to prevent access to sensitive data in memory, processes can't open processes with a higher IL for read access.
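As an added illustration (not Microsoft's code and not a Windows API), the Python model below encodes only the MIC rules stated in this item: the five ordered integrity levels, a per-object minimum IL carried with the object's ACL, write/delete permitted only when the process IL is at least the object's, read access to a higher-IL process refused, and child processes inheriting the parent's IL unless one is set explicitly. Process names, file paths and the registry key are constructed sample data.

```python
"""Model of Windows Mandatory Integrity Control decisions as the article describes them.

Added illustration, not Microsoft's code or a Windows API. It models only the rules
stated in the text: five ordered integrity levels, a per-object minimum IL held with
the object's ACL, writes/deletes allowed only when the process IL is at least the
object IL, reads of a higher-IL process denied, and children inheriting the parent IL.
Process and object names are constructed sample data.
"""
from typing import Dict, Optional

INTEGRITY_LEVELS = ["Low", "Medium", "High", "System", "TrustedInstaller"]
RANK = {name: i for i, name in enumerate(INTEGRITY_LEVELS)}


class Process:
    def __init__(self, name: str, il: Optional[str] = None,
                 parent: Optional["Process"] = None):
        # A child inherits its parent's IL unless the creator sets one explicitly
        # (the article's IE7 / downloaded-executable case).
        if il is None:
            if parent is None:
                raise ValueError("a root process needs an explicit IL")
            il = parent.il
        if il not in RANK:
            raise ValueError(f"unknown integrity level {il!r}")
        self.name, self.il = name, il


class SecurableObject:
    """A named object whose ACL carries a mandatory label: the minimum IL for writers."""
    def __init__(self, name: str, min_il: str):
        if min_il not in RANK:
            raise ValueError(f"unknown integrity level {min_il!r}")
        self.name, self.min_il = name, min_il


def can_modify(proc: Process, obj: SecurableObject) -> bool:
    """Write or delete: allowed only if the process IL is equal to or higher than the label."""
    return RANK[proc.il] >= RANK[obj.min_il]


def can_read_process(reader: Process, target: Process) -> bool:
    """Opening another process for read is refused when the target has a higher IL."""
    return RANK[reader.il] >= RANK[target.il]


def demo() -> Dict[str, bool]:
    """Constructed session: a Medium user shell, an elevated child, a Low browser."""
    shell = Process("explorer.exe", "Medium")
    elevated = Process("mmc.exe", "High")                    # UAC-elevated
    browser = Process("iexplore.exe", "Low", parent=shell)   # IL lowered explicitly
    helper = Process("helper.exe", parent=browser)           # inherits Low
    user_doc = SecurableObject(r"C:\Users\alice\notes.txt", "Medium")
    # Hypothetical registry key used only as a High-labelled object for the example.
    system_key = SecurableObject(r"HKLM\SOFTWARE\ExampleVendor", "High")
    return {
        "helper_inherits_low": helper.il == "Low",
        "browser_writes_user_doc": can_modify(browser, user_doc),        # False: write-up
        "shell_writes_user_doc": can_modify(shell, user_doc),            # True
        "shell_writes_system_key": can_modify(shell, system_key),        # False
        "elevated_writes_system_key": can_modify(elevated, system_key),  # True
        "browser_reads_shell_memory": can_read_process(browser, shell),  # False
        "shell_reads_browser_memory": can_read_process(shell, browser),  # True
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:28s} {'ALLOW' if allowed else 'DENY'}")
```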

  • FreeBSD supports Mandatory Access Control, implemented as part of the TrustedBSD project. It was introduced in FreeBSD 5.0. Since FreeBSD 7.2, MAC support is enabled by default. The framework is extensible; various MAC modules implement policies such as Biba and Multi-Level Security.

  • Sun's Trusted Solaris uses a mandatory and system-enforced access control mechanism (MAC), where clearances and labels are used to enforce a security policy. Note, however, that the capability to manage labels does not imply the kernel strength to operate in Multi-Level Security mode. Access to the labels and control mechanisms is not robustly protected from corruption in a protected domain maintained by the kernel. The applications a user runs are combined with the security label at which the user works in the session. Access to information, programs and devices is only weakly controlled.

  • Apple's Mac OS X MAC framework is an implementation of the TrustedBSD MAC framework. A limited high-level sandboxing interface is provided by the sandbox_init(3) library function, which applies a named or custom sandbox profile to the calling process. See the sandbox_init manual page for documentation.

  • Oracle Label Security is an implementation of mandatory access control in the Oracle DBMS.

  • SE-PostgreSQL is a work in progress as of 2008-01-27, providing integration with SELinux. It aims for integration into PostgreSQL version 8.4, together with row-level restrictions.

  • Trusted RUBIX is a mandatory access control enforcing DBMS that fully integrates with SELinux to restrict access to all database objects.
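The label checks behind the implementations listed above, as an added worked example (not code from the page, from Microsoft or from the TrustedBSD project): the Windows MIC rules described under Mandatory Integrity Control (integrity levels plus the NW/NR/NX policy flags of a mandatory label ACE) and the Biba and Multi-Level Security policies of the FreeBSD mac_biba and mac_mls modules. The label syntaxes are the documented ones, SDDL ACE strings such as `(ML;;NW;;;LW)` and setfmac-style `biba/10:2+3`; the sample descriptors and labels are constructed. Not modelled: Biba/MLS range labels and `equal`, and the DACL check that Windows performs after the MIC gate.

```python
"""Label dominance and the read/write rules of three MAC policies:
Windows MIC (integrity levels plus NW/NR/NX policy flags), FreeBSD
mac_biba(4) and FreeBSD mac_mls(4).

Added illustration; not code from the page, Microsoft or the TrustedBSD
project. Sample descriptors are constructed. Not modelled: range labels,
"equal", and the DACL check Windows runs after the MIC gate.
"""
import re
from typing import FrozenSet, NamedTuple, Optional


class Label(NamedTuple):
    grade: int
    compartments: Optional[FrozenSet[int]]   # None = every compartment (lattice top)


def dominates(a: Label, b: Label) -> bool:
    """a >= b in the lattice: higher-or-equal grade and superset compartments."""
    if a.grade < b.grade:
        return False
    if a.compartments is None:
        return True
    return b.compartments is not None and a.compartments >= b.compartments


# ---- FreeBSD mac_biba / mac_mls labels: "biba/low", "biba/high", "mls/10:2+3" ----
_BSD = re.compile(r"^(biba|mls)/(low|high|\d+(?::\d+(?:\+\d+)*)?)$")
_TOP, _BOTTOM = Label(2**31 - 1, None), Label(0, frozenset())


def parse_bsd(text: str):
    """Return (policy, Label) for a single (non-range) FreeBSD label string."""
    m = _BSD.match(text)
    if not m:
        raise ValueError(f"unsupported label {text!r}")
    policy, body = m.groups()
    if body in ("low", "high"):
        return policy, (_BOTTOM if body == "low" else _TOP)
    grade, _, comps = body.partition(":")
    parts = frozenset(int(c) for c in comps.split("+")) if comps else frozenset()
    return policy, Label(int(grade), parts)


def _pair(subject: str, obj: str):
    (ps, s), (po, o) = parse_bsd(subject), parse_bsd(obj)
    if ps != po:
        raise ValueError("subject and object labels belong to different policies")
    return ps, s, o


def bsd_may_read(subject: str, obj: str) -> bool:
    policy, s, o = _pair(subject, obj)
    # Biba: no read down (object must be at least as trustworthy as the subject).
    # MLS:  no read up (subject clearance must dominate object classification).
    return dominates(o, s) if policy == "biba" else dominates(s, o)


def bsd_may_write(subject: str, obj: str) -> bool:
    policy, s, o = _pair(subject, obj)
    # Biba: no write up.  MLS: no write down (the *-property).
    return dominates(s, o) if policy == "biba" else dominates(o, s)


# ---- Windows MIC: mandatory label ACE in the SACL, e.g. "S:(ML;;NW;;;LW)" ----
MIC_RID = {"LW": 4096, "ME": 8192, "MP": 8448, "HI": 12288, "SI": 16384}
_ML_ACE = re.compile(r"\(ML;[^;]*;([^;]*);[^;]*;[^;]*;([^)]*)\)")
_GATE = {"write": "NW", "delete": "NW", "read": "NR", "execute": "NX"}


def mic_label(sddl: str):
    """(Label, policy tokens) of an object; unlabelled objects are Medium with NW."""
    m = _ML_ACE.search(sddl.partition("S:")[2])
    if not m:
        return Label(MIC_RID["ME"], frozenset()), "NW"
    rights, sid = m.groups()
    raw = re.fullmatch(r"S-1-16-(\d+)", sid)       # explicit integrity-level SID
    if sid not in MIC_RID and not raw:
        raise ValueError(f"not an integrity-level SID: {sid!r}")
    return Label(MIC_RID[sid] if sid in MIC_RID else int(raw.group(1)), frozenset()), rights


def mic_allows(subject_level: str, sddl: str, operation: str) -> bool:
    """MIC gate only: a subject below the object's level is refused each
    operation named in the label's policy; equal or higher passes on to the DACL."""
    obj, policy = mic_label(sddl)
    subject = Label(MIC_RID[subject_level], frozenset())
    return dominates(subject, obj) or _GATE[operation] not in policy


# Constructed sample descriptors (not captured from a real host).
LOW_FILE = "O:BAG:BAD:(A;;FA;;;WD)S:(ML;;NW;;;LW)"              # e.g. a sandboxed browser's cache
PLAIN_FILE = "O:BAG:BAD:(A;;FA;;;WD)"                             # no label ACE: implicit Medium/NW
ELEVATED_PROC = "O:BAG:BAD:(A;;0x1fffff;;;BA)S:(ML;;NRNW;;;HI)"  # process object: read-up also denied

if __name__ == "__main__":
    print("biba/low writes biba/high object:", bsd_may_write("biba/low", "biba/high"))
    print("Low IL writes unlabelled file:", mic_allows("LW", PLAIN_FILE, "write"))
    print("Medium IL opens High process for read:", mic_allows("ME", ELEVATED_PROC, "read"))
```

The two policy families share one `dominates` function; what differs is the direction of the check for reads and writes (Biba inverts the MLS rules) and, for MIC, the per-object policy flags that decide which operations the "no up" rule covers at all. On FreeBSD the modules are loaded with `kldload mac_biba` or `kldload mac_mls` and labels are read and set with getfmac(8) and setfmac(8); on Windows a label like the one in `LOW_FILE` is applied with `icacls <path> /setintegritylevel Low`.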

See also

  • Mandatory Integrity Control
    Mandatory Integrity Control
    In the context of the Microsoft Windows range of operating systems, Mandatory Integrity Control or Integrity Levels is a core security feature, introduced in Windows Vista and Windows Server 2008, that adds Integrity Levels to processes running in a...

  • Role-based access control
    Role-Based Access Control
    In computer systems security, role-based access control is an approach to restricting system access to authorized users. It is used by the majority of enterprises with more than 500 employees, and can be implemented via mandatory access control or discretionary access control...

     — RBAC
  • Discretionary access control
    Discretionary access control
    In computer security, discretionary access control is a kind of access control defined by the Trusted Computer System Evaluation Criteria "as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong...

  • Capability-based security
    Capability-based security
    Capability-based security is a concept in the design of secure computing systems, one of the existing security models. A capability is a communicable, unforgeable token of authority. It refers to a value that references an object along with an associated set of access rights...

  • Security classification
  • Type enforcement
    Type enforcement
    The concept of type enforcement in the field of information technology is related to access control. Implementing TE, gives priority to “mandatory access control” over “discretionary access control” . Access clearance is first given to a subject accessing objects based on rules defined in an...

  • GWVr2 — Least Privilege Infrastructure and Information Flow Security Policy
  • Rule-Set-Based Access Control (RSBAC)
    RSBAC
    RSBAC is an open source access control framework for current Linux kernels, which has been in stable production use since January 2000 .-Features:*Free open source Linux kernel security extension....

  • Security Modes of Operation
    Security modes
    Generally, Security modes refer to information systems security modes of operations used in mandatory access control systems. Often, these systems contain information at various levels of security classification...

  • Bell–LaPadula model
  • Multiple Single-Level (MSL)
    Multiple Single-Level
    Multiple Single-Level or Multi-Security Level is a method of separating different levels of data by using separate PCs or virtual machines for each level...

  • Organisation-Based Access Control (Or-BAC)
    Organisation-based access control
    In computer security, organization-based access control is an access control model first presented in 2003. The current approaches of the access control rest on the three entities to control the access the policy specifies that some subject has the permission to realize some action on some...

  • Take-Grant Model
  • The Clark-Wilson Integrity Model
  • Graham-Denning Model
    Graham-Denning model
    The Graham-Denning Model is a computer security model that shows how subjects and objects should be securely created and deleted.It also addresses how to assign specific access rights...

  • Systrace
    Systrace
    Systrace is a computer security utility which limits an application's access to the system by enforcing access policies for system calls. This can mitigate the effects of buffer overflows and other security vulnerabilities...


External links

  • Weblog post on how virtualization can be used to implement Mandatory Access Control.
  • Weblog post from a Microsoft employee detailing Mandatory Integrity Control and how it differs from MAC implementations.
  • GWV Formal Security Policy Model A Separation Kernel Formal Security Policy, David Greve, Matthew Wilding, and W. Mark Vanfleet.
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 