A Mandatory Access Control Model with Enhanced Flexibility
Discretionary access control and mandatory access control are the two main access control modes broadly used in secure operating systems. Discretionary access control is based on user identity and/or groups, and mandatory access control is usually based on sensitivity labels. Neither of these two modes can completely satisfy all access control requirements. Discretionary access control is too loose to restrict the propagation of privileges, while mandatory access control is too rigid to use flexibly. Researchers usually combine the two modes by confining discretionary access control within the scope of mandatory access control, as in the Bell-LaPadula model. This results in low flexibility of access control. This paper discusses some examples which cannot be handled by traditional mandatory access control based on the Bell-LaPadula model and proposes a new method to integrate the flexibility of discretionary access control with the security of mandatory access control. Meanwhile, an exception is defined to enhance the flexibility of the model. The security of the model is analyzed and compared with other related work.
mandatory access control model; discretionary access control model; flexibility
Yanfang Fan, Zhen Han, Jiqiang Liu, Yong Zhao
School of Computer & Information Technology, Beijing Jiaotong University, Beijing 100044, PR China; School of Computer, Beijing University of Technology, Beijing 100124, PR China
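International conference
Wuhan
English
120-124
2009-11-18 (date first posted online on the Wanfang platform; does not represent the paper's publication date)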