Title :
A Mandatory Access Control Model with Enhanced Flexibility
Author :
Yanfang Fan ; Zhen Han ; Jiqiang Liu ; Yong Zhao
Author_Institution :
Sch. of Comput. & Inf. Technol., Beijing Jiaotong Univ., Beijing, China
Abstract :
The discretionary access control and mandatory access control are two main access control modes which are broadly used in secure operating systems. Discretionary access control is based on user identity and/or groups and mandatory access control is usually based on sensitivity labels. Neither of these two modes can completely satisfy the requirements of all access control. Discretionary access control is too loose to restrict the propagation of privileges while mandatory access control is too rigid to use flexibly. Researchers usually combine two modes by confining discretionary access control in mandatory access control scope such as bell-lapadula model. This brings low flexibility of access control. This paper discusses some examples which can´t be handled by traditional mandatory access control based on bell-lapadula model and proposes a new method to integrate the flexibility of discretionary access control with security of mandatory access control. Meanwhile, an exception is defined to enhance the flexibility of the model. The security of the model is analyzed and compared with other relative works.
Keywords :
authorisation; bell-lapadula model; discretionary access control; enhanced flexibility; mandatory access control model; secure operating systems; sensitivity labels; user identity; Access control; Authorization; Computer networks; Computer security; Electronic mail; Information security; Information technology; Multimedia systems; Operating systems; Protection; discretionary access control model; flexibility; mandatory access control model;
Conference_Titel :
Multimedia Information Networking and Security, 2009. MINES '09. International Conference on
Conference_Location :
Hubei
Print_ISBN :
978-0-7695-3843-3
DOI :
10.1109/MINES.2009.267
