Accommodative mandatory access control
In operating system access control, there is a traditional divide between discretionary access control (DAC), on one side, and mandatory access control (MAC), on the other side. Compositions of MAC and DAC have been modeled and implemented as operating system access control mechanisms. With composition, two access control decisions (one for DAC and one for MAC) have to concur for an access request to be allowed. DAC is typically supported by coarse grained mechanisms, and it vulnerable to Trojan horse attacks, two limitations that are addressed by MAC. MAC mechanisms are therefore of interest to security-conscious users and application developers that want to confine applications they use or develop. MAC mechanisms, however, can only be configured by administrative users and as such can not be used by regular users. This dissertation explores how MAC mechanisms can be made available to regular users of an operating system. Our approach consists in extending the Type Enforcement MAC model with an administrative model. We call this approach accommodative mandatory access control.^
Jan Vitek, Purdue University, Patrick Eugster, Purdue University.