Modernising MAC: New Forms for Mandatory Access Control in an Era of DRM

  • William J Caelli
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 232)


By its definition “discretionary access control” or “DAC“ was not designed or intended for use in the untrusted environment of current globally connected information systems. In addition, DAC assumed control and responsibility for all programs vested in the user; a situation now largely obsolete with the rapid development of the software industry itself. However, the superior “mandatory access control” or “MAC” specifications and resulting implementations proved to be unacceptable for commercially oriented systems and their managers. For example, the USA’s National Security Agency’s (NSA) “Secure LINUX” or “SELinux”, program made available under open source arrangements in 2000, aims at changing this state so that the benefits of MAC technology could be used to “harden” commodity ICT products. This paper analyses the need to abandon DAC, suggests variations and enhancements to basic access control concepts and relates the technology to the particular requirements of the “home computer”. However, the potential for this technology to be used to limit competition must also be considered as a new participant is considered, i.e. the “owner” of software or allied systems wishing to impose digital rights management (DRM) requirements on the legitimate user.


Access Control Security Policy Computer Security Digital Right Management Software Piracy 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Caelli, W., The Microcomputer Revolution: Some Social Implications of Advanced Technology, (Monograph No. 1, Australian Computer Society, Sydney, 1979. ISBN 0-909925-21-6).Google Scholar
  2. 2.
    Ware, W. H., ed., Security Controls for Computer Systems: Report of Defense Science Board Task Force on Computer Security, AD # A076617/0, Rand Corporation, Santa Monica, Calif, February 1970, reissued October 1979.Google Scholar
  3. 3.
    Kay. R., Distributed and Secure, BYTE Vol. 19, No. 6, June 1994, Pg. 165.Google Scholar
  4. 4.
    F. J. Corbato and V. A. Vyssotsky, Introduction and Overview of the Multics System, Fall Joint Computer Conference 1965;
  5. 5.
    Ryan J., The Effect of Public Budgetary and Policy Decisions on Development of Trusted Systems,
  6. 6.
  7. 7.
  8. 8.
    SEVMS User’s Guide, Order Number: AA-QC05A-TE, November 1994, Digital Equipment Corporation, Massachusetts. USA.Google Scholar
  9. 9.
  10. 10.
    Summers, R, C, An overview of computer security, IBM Systems Journal, Vol. 23, No. 4, 1984.Google Scholar
  11. 11.
    Ames, S. R. and Neumann, P., Guest Editors’ Introduction: Computer Security Technology, Computer, Vol. 16, No. 7. July 1983.Google Scholar

Copyright information

© International Federation for Information Processing 2007

Authors and Affiliations

  • William J Caelli
    • 1
    • 2
  1. 1.Information Security InstituteQueensland University of TechnologyBrisbaneAustralia
  2. 2.International Information Security Consultants Pty LtdGavenAustralia

Personalised recommendations