
In computing, a mandatory access control (MAC) technique protects and contains computer processes, data, and system devices from misuse. This may extend or replace discretionary access control for file-system permissions and the concepts of users and groups.

MAC's most important feature is that it denies users full control over access to the resources that they create. The system security policy, as set by the administrator, entirely determines the access rights granted, and a user may not grant less restrictive access to their resources than the administrator specifies. By contrast, discretionary access control systems permit users to entirely determine the access granted to their resources, which means that they can, through accident or malice, give access to unauthorised users.

MAC aims to define an architecture that requires all security-related labels to be evaluated and that makes decisions based on the context of the operation and those same data labels. The FLASK and Generalized Framework for Access Control (GFAC) architectures, coupled with MAC, become enabling technologies for multilevel security systems.

Such an architecture prevents an authenticated user or process at a specific classification or trust level from accessing information, processes, or devices at a different level. This provides a mechanism for containing users and processes, both known and unknown. An unknown program might, for example, be an untrusted application whose accesses to devices and files the system should monitor and/or control.

Requirements of an architecture that works to separate data and operations within a computer include:

  • non-bypassable
  • evaluatable (to determine the usefulness and effectiveness of a rule)
  • always-invoked (to preclude by-passing the system)
  • tamper-proof

Mainstream MAC implementations


  • An NSA research project called SELinux (Security-Enhanced Linux) added a Mandatory Access Control architecture to the Linux kernel. In Red Hat Enterprise Linux version 4 (and later versions), the developers have compiled SELinux into the kernel. The standard Linux kernel from kernel.org contains all of the SELinux kernel code. SELinux is capable of restricting all processes in the system; however, for ease of use, the supported policy in RHEL restricts only the most vulnerable programs.

  • SUSE Linux (now supported by Novell) has added a MAC implementation called AppArmor. AppArmor uses a Linux 2.6 kernel feature called LSM (the Linux Security Modules interface). LSM provides a kernel API that allows modules of kernel code to govern access control. AppArmor is not capable of restricting all programs and is not yet included in the kernel.org kernel source tree.

  • Beginning with version 5.0, the work of the TrustedBSD project has been incorporated into releases of the FreeBSD operating system. Development is a work in progress, and the implementation models as well as the capabilities are constantly improving. MAC on FreeBSD comes with pre-built structures for implementing MAC models such as Biba and Multi-Level Security.

  • Sun's Trusted Solaris uses a mandatory and system-enforced access control mechanism (MAC), where clearances and labels are used to enforce a security policy. The applications a user runs are combined with the security level at which the user works in the session. Access to information, programs and devices is controlled and granted at the same or lower level only. MAC prevents users from writing to files at lower levels and is enforced according to the site's security policy. It cannot be overridden without special authorization or privileges.
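The label rules described for Trusted Solaris above, together with the earlier point that an owner cannot grant more access than the administrator's policy allows, can be sketched as a small reference monitor. This is an added example, not code from Trusted Solaris or any of the projects listed; the level names, the `Obj` and `Session` types, and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):               # constructed hierarchy; a site defines its own
    PUBLIC = 0
    CONFIDENTIAL = 1
    SECRET = 2

@dataclass(frozen=True)
class Obj:
    name: str
    level: Level                    # label assigned by the administrator's policy
    owner: str
    owner_grants: frozenset = frozenset()   # discretionary (user, op) grants

@dataclass(frozen=True)
class Session:
    user: str
    level: Level                    # level the user works at in this session

def open_session(user, clearance, requested):
    # A session may run at or below the user's clearance, never above it.
    if requested > clearance:
        raise PermissionError(f"{user}: {requested.name} exceeds clearance")
    return Session(user, requested)

def mac_allows(session, obj, op):
    if op == "read":                # same or lower level only
        return obj.level <= session.level
    if op == "write":               # same-or-lower and not lower: equal level only
        return obj.level == session.level
    return False                    # unknown operation: default deny

def check_access(session, obj, op):
    """Label check first; owner grants can narrow access but never widen it."""
    if not mac_allows(session, obj, op):
        return False
    return session.user == obj.owner or (session.user, op) in obj.owner_grants

if __name__ == "__main__":
    # Constructed sample data.
    alice = open_session("alice", Level.SECRET, Level.CONFIDENTIAL)
    bob = open_session("bob", Level.PUBLIC, Level.PUBLIC)
    memo = Obj("memo", Level.PUBLIC, "alice")
    report = Obj("report", Level.CONFIDENTIAL, "alice", frozenset({("bob", "read")}))
    for s, o, op in [(alice, memo, "read"), (alice, memo, "write"),
                     (alice, report, "write"), (bob, report, "read")]:
        print(s.user, op, o.name, "->", check_access(s, o, op))
```

The last case is the one that separates MAC from discretionary control: alice, as owner, has granted bob read access to the report, and the label check still denies it.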

Historical MAC architectures


Several security-focused operating systems implement MAC, and it forms a core part of the FLASK operating systems.


This article is licensed under the GNU Free Documentation License. It uses material from the "Mandatory access control".
