Modernising MAC: New Forms for Mandatory Access Control in an Era of DRM
By definition, “discretionary access control” or “DAC” was not designed or intended for use in the untrusted environment of current globally connected information systems. In addition, DAC assumed that control of, and responsibility for, all programs was vested in the user, a situation now largely obsolete given the rapid development of the software industry itself. However, the superior “mandatory access control” or “MAC” specifications and the resulting implementations proved to be unacceptable for commercially oriented systems and their managers. For example, the “Secure LINUX” or “SELinux” program of the USA’s National Security Agency (NSA), made available under open source arrangements in 2000, aims to change this situation so that the benefits of MAC technology can be used to “harden” commodity ICT products. This paper analyses the need to abandon DAC, suggests variations and enhancements to basic access control concepts, and relates the technology to the particular requirements of the “home computer”. However, the potential for this technology to be used to limit competition must also be considered once a new participant is taken into account, i.e. the “owner” of software or allied systems wishing to impose digital rights management (DRM) requirements on the legitimate user.
Keywords: Access Control; Security Policy; Computer Security; Digital Rights Management; Software Piracy