Mandatory access control
From Free net encyclopedia
In computing, a mandatory access control (MAC) technique protects and contains computer processes, data, and system devices from misuse. This may extend or replace discretionary access control for file-system permissions and the concepts of users and groups.
MAC's most important feature involves denying users full control over the access to resources that they create. The system security policy (as set by the administrator) entirely determines the access rights granted, and a user may not grant less restrictive access to their resources than the administrator specifies. (Discretionary access control systems permit users to entirely determine the access granted to their resources, which means that they can (through accident or malice) give access to unauthorised users.)
MAC aims to define an architecture in which every security-related label is evaluated, and access decisions are made from the context of the operation together with those same data labels. The FLASK and Generalized Framework for Access Control (GFAC) architectures, coupled with MAC, become enabling technologies of multilevel security systems.
Such an architecture prevents an authenticated user or process at a specific classification or trust level from accessing information, processes, or devices at a different level. This provides a containment mechanism for users and processes, both known and unknown. An unknown program, for example, might be an untrusted application whose accesses to devices and files the system should monitor and/or control.
Requirements of an architecture that works to separate data and operations within a computer include:
- non-bypassable
- evaluatable (to determine the usefulness and effectiveness of a rule)
- always-invoked (to preclude bypassing the system)
- tamper-proof
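As an added illustration, not part of the original article, the following toy reference monitor in Python models the properties described above: every access passes through one always-invoked check, the administrator's labels are evaluated before any owner-granted permission, and an owner cannot relax a label to widen access. The level names, subject and resource names, and the Bell-LaPadula "no read up / no write down" ordering are assumptions chosen for the example.

```python
from dataclasses import dataclass, field

# Ordered sensitivity levels; the administrator's policy assigns them (assumed).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

@dataclass
class Subject:
    name: str
    clearance: str
    is_admin: bool = False

@dataclass
class Resource:
    name: str
    owner: str
    label: str                                  # MAC label, policy-owned
    dac_acl: set = field(default_factory=set)   # DAC list, owner-owned

class ReferenceMonitor:
    """Single choke point for every access decision (always invoked)."""

    def mac_allows(self, subj: Subject, res: Resource, op: str) -> bool:
        s, o = LEVELS[subj.clearance], LEVELS[res.label]
        if op == "read":
            return s >= o          # simple security property: no read up
        if op == "write":
            return s <= o          # *-property: no write down
        return False

    def dac_allows(self, subj: Subject, res: Resource) -> bool:
        return subj.name == res.owner or subj.name in res.dac_acl

    def access(self, subj: Subject, res: Resource, op: str) -> bool:
        # MAC is evaluated first; DAC can only narrow what MAC permits.
        return self.mac_allows(subj, res, op) and self.dac_allows(subj, res)

    def grant(self, grantor: Subject, res: Resource, grantee: str) -> bool:
        # Discretionary: the owner may extend the ACL at will.
        if grantor.name != res.owner:
            return False
        res.dac_acl.add(grantee)
        return True

    def relabel(self, subj: Subject, res: Resource, new_label: str) -> bool:
        # Mandatory: only the administrator changes labels, so an owner cannot
        # lower a label to make the resource more widely readable.
        if not subj.is_admin or new_label not in LEVELS:
            return False
        res.label = new_label
        return True
```

The owner's `grant` succeeds but the lower-cleared subject is still denied until the administrator relabels the resource; that is the difference between discretionary and mandatory control that the text describes.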
Mainstream MAC implementations
An NSA research project called SELinux (Security-Enhanced Linux) added a Mandatory Access Control architecture to the Linux kernel. In Red Hat Enterprise Linux version 4 (and future versions), the developers have compiled SELinux into the kernel. The standard Linux kernel from kernel.org contains all of the SELinux kernel code. SELinux is capable of restricting all processes in the system; however, for ease of use, the supported policy in RHEL only restricts the most vulnerable programs.
SUSE Linux (now supported by Novell) has added a MAC implementation called AppArmor. AppArmor utilizes a Linux 2.6 kernel feature called LSM (Linux Security Modules interface). LSM provides a kernel API, which allows modules of kernel code to govern access control. AppArmor is not capable of restricting all programs and is not yet included in the kernel.org kernel source tree.
Historical MAC architectures
Several security-focused operating systems implement MAC, and it forms a core part of the FLASK operating systems.
See also
- Security-related security classification
- Security-related type enforcement
- FreeBSD
- TrustedBSD
- Security Enhanced Linux
- Rule-Set-Based Access Control (RSBAC)
- Security Modes of Operation
- Bell-La Padula security model
- Multi-Level Security - MLS
- Discretionary Access Control - DAC
- Role-Based Access Control - RBAC
- Organisation-Based Access Control - Or-BAC
- Biba Integrity Model
- Take-Grant Model
- The Clark-Wilson Integrity Model
- Graham-Denning Model