Complete.Org: Mailing Lists: Archives: discussion: October 2001:
[aclug-L] FW: Explaining Mandatory Access Control

[aclug-L] FW: Explaining Mandatory Access Control

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: "Aclug Discussion" <discussion@xxxxxxxxx>
Subject: [aclug-L] FW: Explaining Mandatory Access Control
From: "Dale W Hodge" <dwh@xxxxxxxxxxxxxxxx>
Date: Tue, 16 Oct 2001 13:43:02 -0500
Reply-to: discussion@xxxxxxxxx

LINUX SECURITY --- October 16, 2001
Published by -- changing the way you view IT


* New author Jamie Reid begins his tenure by explaining Mandatory
  Access Control and its application to the Linux operating system.

Mandatory Access Control: Silver Bullet or Kafkaesque Nightmare?, Part 1
By Jamie Reid

Given the recent flood of new worms and viruses infecting the Net, it
is worth noting that systems designed to be impervious to these types
of threats are available. But are they really appropriate for
developing and serving Web sites? Yes and no.

A concept called Mandatory Access Control (MAC) makes many of these
secure operating systems different. Though it has been around since the
80's, MAC is still (literally) an obscure bureaucratic methodology not
easily explained in plain language.

What is Mandatory Access Control?
The relationships are divvied up between subjects and objects. The
subjects can be thought of as users, or anything accessing an object.
An object is the process, file, or piece of information being accessed.
All subjects are assigned domains, which can be thought of as security
clearances, and all objects are assigned types, which can be thought of
as security classifications. Security policies are created based upon
the sensitivity of the object not at the discretion of the user that
receives it.

The subject (a user, process, or administrator) may be able to access a
file, but, because the file retains its classification label, they may
not be able to transfer it to another user, or use any system utilities
to copy it from the system. The system recognizes the label on the
file, and will not allow the file to be read or otherwise processed by
a user or process of lesser clearance. The system will check the file
for its classification, and deny another process access to the file
unless the process has adequate clearance.

How is this different from regular Unix permissions?
Any user with ownership of the file can modify regular Unix
permissions. Regardless of the information's sensitivity in a file, it
can be copied, e-mailed, or read by a user if the file's permissions
(read, write, execute, relative to the user, their group, and Everyone)
allow it.

In a MAC system, if a file has been given a specific level of
sensitivity (or context), then the system will not allow certain users,
programs, or even administrators to perform operations on the file.
Though this may sound like a subtle difference, imagine you were able
to set a log file's sensitivity higher than that of the mailer program.
Though you could read, write, and copy the file as needed, not even an
administrator could email the file to another system because the mailer
lacks the clearance to handle information with your file's level of
classification. It is a shift in perspective from using users
like "nobody", "uucp", "www" and their accompanying group ID's to
separate duties on the system, to requiring that each file on the
system have authoritative security information about itself.

Next Week: Mandatory Access Control, Part 2: Enter SELinux


About the author(s)
Jamie Reid is a Network Security Consultant in Toronto. He can be
reached at jreid@xxxxxxxxxx.


LIDS and Mandatory Access Control (MAC) on Linux

Security and Apache: An Essential Primer
Mandatory Versus Discretionary Access Control

Security in Open Systems

AMAC - The Adapted Mandatory Access Control Model


Index of Java in the Enterprise

The Remote Access Nightmare

Corporate Security Policies


- Go to:
- Click on "View my newsletters" to log in and manage your account
- To subscribe, check the box next to the newsletter
- To unsubscribe, uncheck the box next to the newsletter
- When finished, click submit

Questions? Please e-mail customer service at: mailto:support@xxxxxxxxxxx


* Editorial: Andrew Santosusso, Newsletter Editor,
* Advertising: Clare O'Brien, Vice President of Sales,
* Recruitment advertising: Jamie Swartz, Eastern, Regional Sales
  Manager, jamie_swartz@xxxxxxxxxxx or Paul Duthie, Western Regional
  Sales Manager, paul_duthie@xxxxxxxxxxxxx
* Other inquiries: Jodie Naze, Senior Product Marketing Manager,


Copyright 2001, Inc., All Rights Reserved.

-- This is the discussion@xxxxxxxxx list.  To unsubscribe,

[Prev in Thread] Current Thread [Next in Thread]
  • [aclug-L] FW: Explaining Mandatory Access Control, Dale W Hodge <=