Page 282 - DCAP103_Principle of operating system
Unit 8: System Protection
access the same object a certain number of times. Three popular non-discretionary access control
policies are discussed in this section.
8.3.5 Mandatory Access Control (MAC)
Mandatory access control (MAC) policy means that access control policy decisions are made
by a central authority, not by the individual owner of an object, and the owner cannot change
access rights. An example of MAC occurs in military security, where an individual data owner
can neither decide who has a Top Secret clearance, nor can the owner change the classification
of an object from Top Secret to Secret. MAC is the most frequently mentioned NDAC policy.
The need for a MAC mechanism arises when the security policy of a system dictates that:
1. Protection decisions must not be decided by the object owner.
2. The system must enforce the protection decisions (i.e., the system enforces the security
policy over the wishes or intentions of the object owner).
Usually a labeling mechanism and a set of interfaces are used to determine access based on the
MAC policy; for example, a user who is running a process at the Secret classification should
not be allowed to read a file with a label of Top Secret. This is known as the “simple security
rule,” or “no read up.” Conversely, a user who is running a process with a label of Secret
should not be allowed to write to a file with a label of Confidential. This rule is called the
“*-property” (pronounced “star property”) or “no write down.” The *-property is required to
maintain system security in an automated environment. A variation on this rule called the “strict
*-property” requires that information can be written at, but not above, the subject’s clearance
level. Multilevel security models such as the Bell-La Padula Confidentiality and Biba Integrity
models are used to formally specify this kind of MAC policy. However, information can pass
through a covert channel in MAC, where information of a higher security class is deduced by
inference such as assembling and intelligently combining information of a lower security class.
Popular mechanisms used in implementing MAC policies are demonstrated.
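The two Bell-La Padula rules above, worked as an added Python example (not code from this text): labels carry a classification level plus an optional set of compartments (a constructed extension of the text's purely linear Top Secret/Secret/Confidential ordering), and the `strict` flag switches the *-property to the strict *-property.

```python
from dataclasses import dataclass

# Linear ordering of the classifications named in the text (constructed sample).
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


@dataclass(frozen=True)
class Label:
    """A security label: classification level plus a set of compartments (assumed extension)."""
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # A dominates B when A's level is at least B's and A holds all of B's compartments.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security rule ("no read up"): the subject's label must dominate the object's."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label, strict: bool = False) -> bool:
    """*-property ("no write down"): the object's label must dominate the subject's.
    Strict *-property: the subject may write only at exactly its own label."""
    if strict:
        return subject == obj
    return obj.dominates(subject)


def decide(subject: Label, obj: Label, op: str, strict: bool = False) -> str:
    """Reference-monitor style decision for a 'read' or 'write' request."""
    if op == "read":
        allowed = can_read(subject, obj)
    elif op == "write":
        allowed = can_write(subject, obj, strict)
    else:
        raise ValueError(f"unknown operation: {op}")
    return "allow" if allowed else "deny"


if __name__ == "__main__":
    secret = Label("Secret")
    for target in (Label("Confidential"), Label("Secret"), Label("Top Secret")):
        print(f"Secret process -> {target.level:<12} read={decide(secret, target, 'read')} "
              f"write={decide(secret, target, 'write')} "
              f"strict-write={decide(secret, target, 'write', strict=True)}")
```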
8.3.6 Role-based Access Control
Although RBAC is technically a form of non-discretionary access control, recent computer security
texts often list RBAC as one of the three primary access control policies (the others are DAC and
MAC). In RBAC, access decisions are based on the roles that individual users have as part of
an organization. Users take on assigned roles (such as doctor, nurse, teller, or manager). Access
rights are grouped by role name, and the use of resources is restricted to individuals authorized
to assume the associated role. For example, within a hospital system, the role of doctor can
include operations to perform a diagnosis, prescribe medication, and order laboratory tests; the
role of researcher can be limited to gathering anonymous clinical information for studies. The
use of roles to control access can be an effective means for developing and enforcing enterprise-
specific security policies and for streamlining the security management process. Under RBAC,
users are granted membership into roles based on their competencies and responsibilities in the
organization. The operations that a user is permitted to perform are based on the user’s role.
User membership into roles can be revoked easily and new memberships established as job
assignments dictate. Role associations can be established when new operations are instituted,
and old operations can be deleted as organizational functions change and evolve. This simplifies
the administration and management of privileges; roles can be updated without updating the
privileges for every user on an individual basis.
When a user is associated with a role, the user can be given no more privileges than is necessary
to perform the job; since many of the responsibilities overlap between job categories, maximum
privilege for each job category could cause unauthorized access. This concept of least privilege
LOVELY PROFESSIONAL UNIVERSITY 275