论文信息 - A Mandatory Access Control Model with Enhanced Flexibility

A Mandatory Access Control Model with Enhanced Flexibility

The discretionary access control and mandatory access control are two main access control modes which are broadly used in secure operating systems. Discretionary access control is based on user identity and/or groups and mandatory access control is usually based on sensitivity labels. Neither of these two modes can completely satisfy the requirements of all access control. Discretionary access control is too loose to restrict the propagation of privileges while mandatory access control is too rigid to use flexibly. Researchers usually combine two modes by confining discretionary access control in mandatory access control scope such as bell-lapadula model. This brings low flexibility of access control. This paper discusses some examples which can't be handled by traditional mandatory access control based on bell-lapadula model and proposes a new method to integrate the flexibility of discretionary access control with security of mandatory access control. Meanwhile, an exception is defined to enhance the flexibility of the model. The security of the model is analyzed and compared with other relative works.

Jiqiang Liu | Zhen Han | Yong Zhao | Yanfang Fan

[1] D. Elliott Bell,et al. Secure Computer System: Unified Exposition and Multics Interpretation , 1976 .

[2] Theodore M. P. Lee,et al. Using mandatory integrity to enforce 'commercial' security , 1988, Proceedings. 1988 IEEE Symposium on Security and Privacy.

[3] Jian-Bo He. Analysis of Two Improved BLP Models , 2007 .

[4] Cai Yi. A Planar Attributes Model Based on Multi Level Security Policy , 2004 .

[5] Mike Hibler,et al. The Flask Security Architecture: System Support for Diverse Security Policies , 1999, USENIX Security Symposium.

[6] Jeffrey D. Ullman,et al. Protection in operating systems , 1976, CACM.

[7] Sabrina De Capitani di Vimercati,et al. Access Control: Policies, Models, and Mechanisms , 2000, FOSAD.

[8] Ji Qing,et al. An Improved Dynamically Modified Confidentiality Policies Model , 2004 .

[9] Sun Bo,et al. Design and Implementation of a Security Label Common Framework , 2003 .

[10] Stephen Smalley,et al. The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments , 2000 .