
Configurable Mandatory Access Control Subsystem

IP.com Disclosure Number: IPCOM000108256D
Original Publication Date: 1992-May-01
Included in the Prior Art Database: 2005-Mar-22
Document File: 3 page(s) / 165K

Publishing Venue

IBM

Related People

Camillone, NA: AUTHOR [+3]

Abstract

Disclosed is a design for a configurable subsystem to provide Mandatory Access Controls on the system. This configurable subsystem allows the system administrator to alter the access policy enforced on the system more dynamically than conventional systems permit.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 39% of the total text.


      Mandatory Access Controls (MAC) are a form of access control
based on security levels.  In a system with MAC, each subject (user,
process) and each object (file, communications channel) is assigned a
security classification that may not be changed except by a system
administrator. Different policies may be enforced with security
classifications, including both integrity and non-disclosure
policies. An example of a non-disclosure policy is:

     A subject that wishes to read an object must have a security
     classification that is greater than or equal to the security
     classification of the object.  A subject that wishes to write an
     object must have a security classification that is less than or
     equal to the security classification of the object.

      A security classification has two components.  The security
level is a cardinal value, and two security levels are compared
numerically.  The security categories are a set, and two category
sets are compared with set inclusion - that is, one category set is
greater than or equal to another if the first category set includes
the second set. This need not be proper inclusion.  The security
classification is often described as a security label.
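
The comparison rule and the example non-disclosure policy described above, worked through in C. This is an added example, not code from the disclosure; the struct layout, the 32-bit bit-vector category set and the category names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout for illustration: one numeric level plus a category
 * set held as a bit vector (bit i set = category i is in the set). */
struct classification {
    uint8_t  level;
    uint32_t categories;
};

/* Constructed sample categories, not taken from the disclosure. */
enum { CAT_PAYROLL = 1u << 0, CAT_LEGAL = 1u << 1, CAT_ENG = 1u << 2 };

/* a >= b: levels compared numerically, categories by set inclusion
 * (a's set must include every category in b's; equal sets qualify). */
static bool dominates(struct classification a, struct classification b)
{
    return a.level >= b.level && (a.categories & b.categories) == b.categories;
}

/* Non-disclosure policy: reading requires subject >= object. */
static bool may_read(struct classification subj, struct classification obj)
{
    return dominates(subj, obj);
}

/* Non-disclosure policy: writing requires subject <= object. */
static bool may_write(struct classification subj, struct classification obj)
{
    return dominates(obj, subj);
}

int main(void)
{
    struct classification user   = { 2, CAT_PAYROLL | CAT_LEGAL };
    struct classification report = { 1, CAT_PAYROLL };
    struct classification design = { 1, CAT_ENG };

    printf("report: read=%d write=%d\n",
           may_read(user, report), may_write(user, report));
    /* Higher level but CAT_ENG missing: neither label dominates the
     * other, so both read and write are refused. */
    printf("design: read=%d write=%d\n",
           may_read(user, design), may_write(user, design));
    return 0;
}
```

Because category sets are compared by inclusion, two classifications can be incomparable, and the policy then denies access in both directions even when the subject's level is higher.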

      Conventional MAC subsystems are quite rigid in several regards.
The policy that is enforced is usually fixed.  The number of
categories that may be defined is also fixed. And if the system
administrator wishes to change the meaning of a category or a
security level, it is often necessary to reinstall all the files in
the system and to either redo or invalidate all of the files in the
system archives.

      The disclosed system eliminates these problems in the following
way.  Each MAC label contains a length field and one or more
sublabels. The length field defines the total size of the MAC label
in bytes.  A sublabel includes:
         - TYPE
                 defines the enforcement policy of the sublabel.
                 This is a one-byte field.
         - GENERATION
                 defines the semantics of the sublabel.  This is a
                 one-byte field.
         - LEVEL
                 defines the level of the sublabel.  This is a
                 one-byte field.
         - CATEGORY SET SIZE/REPRESENTATION
                 defines the number of short words used to represent
                 the category set and how it is represented. Category
                 sets are either represented directly, in which case
                 the set is a vector and there is one bit in the
                 vector for each possible category defined in the
                 system, or they are represented sparsely, in which
                 case the set is a l...