Abstract
This paper discusses the realization of mandatory access control in role-based protection systems. Starting from the basic definitions of roles, their application in security and the basics of the concept of mandatory access control, we develop a scheme of role-based protection that realizes mandatory access control. The basis of this formulation develops from the recognition that roles can be seen as facilitating access to some given information context. By handling each of the role contexts as independent security levels of information, we simulate mandatory access by imposing the requirements of mandatory access control. Among the key considerations, we propose a means of taming Trojan horses by imposing acyclic information flow among contexts in role-based protection systems. The acyclic information flows and suitable access rules incorporate secrecy which is an essential component of mandatory access control.
Chapter PDF
Similar content being viewed by others
References
R. W. Baldwin. Naming & Grouping Privileges to Simplify Security Management in Large Databases. In Proc. 1990 Symposium on Res. in Security & Privacy, pages 116–32. IEEE Computer Society Press, May 1990.
D. E. Bell and L. J. LaPadula. Secure Computer Systems: Unified Exposition & Multics Interpretation. Technical Report MTIS AD-A023588, MITRE Corporation, July 1975.
D. D. Clark and D. R. Wilson. A Comparison of Commercial and Military Security Policies. In Proc. 1987 Symposium on Res. in Security &1 Privacy, pages 184–94. IEEE Computer Society Press, April 1987.
D. E. Denning and P. J. Denning. Certification of Programs for Secure Information Flow. Communications of the ACM, 20 (7): 504–13, July 1977.
D. E. Denning. Commutative Filters for Reducing Inference Threats in Multilevel Database Systems. In Proc. 1985 Symposium on Res. in Security fil Privacy. IEEE Computer Society Press, April 1985.
J. E. Dobson and J. A. McDermid. Security Models and Enterprise Models. In Landwehr, editor, Database Security II: Status & Prospects, pages 1–39. North-Holland, 1989.
D. E. Denning and W. Shockley. Discussion: Pros and Cons of the Various Approaches. In T. F. Lunt, editor, Research Directions in Database Security, pages 97–103. Springer-Verlag, 1992.
Morrie Gasser. Building a Secure Computer System. Van Nostrand Reinhold Company New York, 1988. ISBN 0–442–23022.
J. Glasgow, G. MacEwen, and P. Panangaden. A Logic for Reasoning About Security. ACM Transactions on Computer Systems, 10 (3): 226–64, August 1992.
S. Jajodia and B. Kogan. Integrating an Object-Oriented Data Model with Multilevel Security. In Proc. 1990 Symposium on Res. in Security & Privacy, pages 76–85. IEEE Computer Society Press, May 1990.
C. D. Jensen, R. M. Kiel, and R. D. Verjinski. SDDM A Prototype of a Distributed Architecture for Database Security. In Proc. of Int’l Conf. on Data Eng., pages 356–64, Feb 1989.
E. V. Krishnamurthy and A. McGuffin. On the Design & Administration of Secure Database Transactions. ACM SIGSAC Review, pages 63–70, Spring/Summer 1992.
L. G. Lawrence. The Role of Roles. Computers & Security, 12 (1): 15–21, Feb 1993.
L. Liu. On Secure Flow Analysis in Computer Systems. In Proc. 1980 Symposium on Res. in Security he Privacy pages 22–33. IEEE Computer Society Press, April 1980.
J. McHugh. An Information Flow Tool for Gypsy. In Proc. 1985 Symposium on Res. In Security hi Privacy, pages 46–48. IEEE Computer Society Press, April 1985.
M. Nyanchama and S. L. Osborn. Role-Based Security, Object Oriented Databases & Separation of Duty. ACM SIGMOD RECORD, 22 (4): 45–51, Dec 1993.
M. Nyanchama and S. L. Osborn. Role-Based Security: Pros, Cons & Some Research Directions. ACM SIGSAC Review, 2 (2): 11–17, June 1993.
M. Nyanchama and S. L. Osborn. Access Rights Administration in Role-Based Security Systems. In J. Biskup, M. Morgenstern, and C. Landwehr, editors, Database Security VIII: Status h1 Prospects, pages 37–56. North-Holland, August 1994.
M. Nyanchama and S. L. Osborn. Information Flow Analysis in Role-Based Security Systems. “All about nothing”, Journal of Computing ê! Information 1(1):1368–84, May 1994. Special Issue: Proc. of the 6th International Conference on Computing and Information (ICCI), Peterborough, Ontario, Canada.
Matunda Nyanchama. Commercial Integrity, Roles he Object-Orientation. PhD thesis, Department of Computer Science, The University of Western Ontario, London Ontario, N6A 5B7, Canada, September 1994.
Department of Defence. Department of Defence Trusted Computer System Evaluation Criteria DoD 5200–28-STD. Department of Defence, Dec 1985. The Orange Book.
T. C. Ting, S. A. Demurjian, and M. Y. Hu. Requirements Capabilities and Functionalities of User-Role Based Security for an Object-Oriented Design Model. In C. E. Landwehr and S. Jajodia, editors, Database Security V: Status & Prospects, pages 275–96. North-Holland, 1992.
D. J. Thomsen. Role-Based Application Design and Enforcement. In S. Jajodia and C. E. Landwehr, editors, Database Security, IV: Status and Prospects, pages 151–68. North-Holland, 1991.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1996 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Nyanchama, M., Osborn, S. (1996). Modeling Mandatory Access Control in Role-Based Security Systems. In: Spooner, D.L., Demurjian, S.A., Dobson, J.E. (eds) Database Security IX. IFIP Advances in Information and Communication Technology. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-34932-9_9
Download citation
DOI: https://doi.org/10.1007/978-0-387-34932-9_9
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-5041-2954-1
Online ISBN: 978-0-387-34932-9
eBook Packages: Springer Book Archive