Integrating Discretionary and Mandatory Access Controls
Author
Abstract
Traditionally, DACs and MACs have been implemented on orthogonal axes: for an operation to be performed, both MAC and DAC access checks must succeed. In this paper, we explore the consequences of making the MAC system primary and allowing only DAC accesses which are consistent with MAC accesses. This both refines the DAC permissions and reduces the complexity of the policy specification. This study also provides increased understanding of MAC and DAC interaction.
Similar resources
Role-Based Access Controls
While Mandatory Access Controls (MAC) are appropriate for multilevel secure military applications, Discretionary Access Controls (DAC) are often perceived as meeting the security processing needs of industry and civilian government. This paper argues that reliance on DAC as the principal method of access control is unfounded and inappropriate for many commercial and civilian government organiza...
Role-Based Access Control
While Mandatory Access Controls (MAC) are appropriate for multilevel secure military applications, Discretionary Access Controls (DAC) are often perceived as meeting the security processing needs of industry and civilian government. This paper argues that reliance on DAC as the principal method of access control is unfounded and inappropriate for many commercial and civilian government organiza...
Discretionary and Mandatory Controls for Role-Based Administration
Role-based access control is an important way of limiting the access users have to computing resources. While the basic concepts of role-based access control are now well understood, there is no consensus on the best approach to managing role-based systems. In this paper, we introduce a new model for role-based administration, using the notions of discretionary and mandatory controls. Our model...
Using Security Methods to Enforce Mandatory and Discretionary Access Control in an Object Database
In this paper, we propose a new security enforcement mechanism and demonstrate how this mechanism can enforce policies for both mandatory access control (MAC) and discretionary access control (DAC) in an object database system. Each class may have a security method that can block messages that leave instances of the class, and can block messages directed to instances of the class. Each supercla...
Functionality-based Application Confinement - Parameterised Hierarchical Application Restrictions
Traditional user-oriented access control models such as Mandatory Access Control (MAC) and Discretionary Access Control (DAC) cannot differentiate between processes acting on behalf of users and those behaving maliciously. Consequently, these models are limited in their ability to protect users from the threats posed by vulnerabilities and malicious software as all code executes with full acces...
Journal title:
Volume, issue
Pages -
Publication date: 2004