International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395 -0056 Volume: 04 Issue: 04 | Apr -2017 www.irjet.net p-ISSN: 2395-0072 Mandatory Access Control – Problems in it and propose a model which overcomes them Yash Dholakia I.T, R.G.I.T, Mumbai, India -------------------------------------------------------------------------------------------------------------------------------- Abstract: The research is regarding Mandatory Access Confidentiality means that organization’s data cannot be Control (MAC) which is used to specify the access for each accessed by some unauthorized person. The valuable (user) and object (data). This specifying access to both information has to be kept secure from such subjects and objects is done with the help of security levels. unauthorized access. Integrity deals with consistency, MAC is an example of Multilevel Security (MLS). There are validity and accuracy of data or information of an 4 security levels in MAC. These levels include top secret, organization [3]. It means that any unauthorized person secret, confidential and unclassified [7]. However, these should not be able to modify data which results in 4 security levels seem antiquated and do not seem to be in inconsistency, invalidity and inaccuracy of data and accordance with this generation’s organization or eventually loss of integrity. Availability means that data business. The use of fourth security level unclassified seems should always be available for authorized users and at ambiguous. In an organization, the people at the lowest the same time ensure security of data from unauthorized level come under this category. However, they still have access. There should not be denial of services for some access to organization’s data or information which authorized person. It should be able to access data common people don’t have. Hence there is no level for anytime he wants. Confidentiality can be ensured by common people who can gain valuable information about using the organization. This step is very important because marketing is the most important thing in this generation Encrypting data of organization [3] for an organization or a business to be successful. Without Authentication [3] marketing, an organization cannot reach its new heights, Access control [3] same thing goes for business. A business or an organization can attain success by providing some Encrypt data to protect it from unauthorized access. valuable information to common people. Any information Authentication means providing passwords, token or data which has to be kept confidential (business authentication or biometric identification [12]. Access strategies, employee’s information, etc.) should be kept controls are of following types very secure and confidential. The information to be shown Discretionary access control (DAC) to be shown to common people may include its goal, its rankings nationwide or worldwide and so on.Thus, a Mandatory access control (MAC) newer version of mandatory access control must include Role-based access control(RBAC) this feature of providing some information to anyone and DAC is based on granting and revoking privileges. The at the same time keeping confidential information or data owner of the relation grants and revoke privileges like very secure. Problem analysis describes this problem in create table, insert, delete, update to different users [7]. detail. In RBAC, DBA (database administrator) assigns different Keywords: Mandatory Access Control, Organization, roles to different users. These roles are of 2 types, either Filtration, Polyinstantization. allows access to a specific role for a specific user or decline access to a specific role for a specific user. MAC 1. Introduction: assigns security levels to different subjects (users) and objects (relations attribute). There are 4 security levels 1.1 Background review: mentioned according to their priorities: TOP SECRET (TS) In order to make an organization’s data secure, 3 SECRET (S) security goals have to be satisfied. These security goals CONFIDENTIAL (C) include [7] UNCLASSIFIED (U) Confidentiality Integrity Availability © 2017, IRJET | Impact Factor value: 5.181 | ISO 9001:2008 Certified Journal | Page 2031 International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395 -0056 Volume: 04 Issue: 04 | Apr -2017 www.irjet.net p-ISSN: 2395-0072 1.2 Summary: Top secret Mandatory Access Control policies regulate access to data by subjects on basis of predefined classification of priority subjects and objects in the system, objects are passive entities storing information such as relations, tuples in a Secret relation or elements in a tuple; whereas subjects are active entities performing data access [6]. The security levels in MAC are top secret (TS), secret (S), confidential Confidential ( C ) and unclassified (U), where top secret is at highest level and unclassified at lowest. It can be represented as Unclassified TS > S > C >U [7]. There are 2 phases in MAC [2]. First phase is assigning levels of BLP or Biba [2]. Second phase is access enforcement which answers the query “ can subject S perform action A on object O [2]. Thus, MAC is an access control in which administrator manages the MAC can be implemented using Bell-LaPadula (BLP) access control [11]. The usage and access policies model or Biba model [2]. In BLP, classification of subject defined by the administrator cannot be changed or is represented as class(S) and object as class(O) [7]. Bell- modified by the end users [11]. The access policy LaPadula model implements MAC using 2 properties: indicates which subjects (users) have access to which objects. MAC has a number of challenging problems and 1. A subject S is not allowed read access to an object research is done on these problems. The use of MAC as O unless class(S) >= class(O) [7] . Multilevel Security (MLS) is restricted and is decreasing 2. A subject S is not allowed to write an object O [8]. MAC contains problems like unless class(S) <= class(O) [7]. Ambiguous security levels Biba model has similar structure to BLP, but it addresses Filtration [7] integrity rather than confidentiality. Objects and users Polyinstantization [7] are assigned integrity levels that form partial order similar to that of BLP [4]. The integrity levels in Biba Here, these problems are associated with Bell-LaPadula model indicates degrees of trustworthiness or accuracy, model which is used to enforce confidentiality. which is different from that of BLP model. For example, data stored in C.E.O’s machine is given higher integrity 2. Problem analysis: level than that of any employee. Following are different levels in integrity: [5] Following are the different problems in MAC: Crucial (C) 2.1 Requirement of new security levels: Very Important (VI) Important (I) As stated earlier, in traditional MAC there is no security level for common people (people outside organization) Following are different properties in Biba model: [9] where they can access certain data or information to know organization or business and hence marketing of Simple integrity: A subject of higher integrity organization or business is not possible in traditional level must not read an object at lower integrity MAC. Hence, an organization cannot reach apex heights level (No read down) in business by adopting traditional MAC. Hence, an Star integrity: A subject of given integrity level update is required to alter the security levels and include must not write to an object of higher integrity this functionality in my proposed model which is an level (No write up) alternate to MAC. Invocation property states that a process from below cannot request higher access; only with 2.2 Filtration subjects of lower or equal level. The security levels are assigned to both subjects and The first two properties of Biba model is completely objects. These levels are assigned to values inside each opposite to that of BLP model. attribute. The Bell-LaPadula model form the basis of MAC [8].The different properties of MAC in Bell- LaPadula model are given as: © 2017, IRJET | Impact Factor value: 5.181 | ISO 9001:2008 Certified Journal | Page 2032 International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395 -0056 Volume: 04 Issue: 04 | Apr -2017 www.irjet.net p-ISSN: 2395-0072 Simple security property: Only read down is allowed. A Chris ( U ) 20(TS) 30000 ( S ) subject can read an object only if its security level is Morris (U) 26 ( C ) 25000 ( TS) greater than or equal to that of object. Morris(U) 26 ( C ) 35000 ( C ) Stanley(C) 23 ( S ) 20000 ( C ) Star security property: Only write up is allowed. A subject can write an object only if its security level is less than or equal to that of object. This is done so that there 3. Proposed work: is no flow of information from higher security level to that of lower one [7]. 3.1 Proposing new security levels: Eg :- consider a relation employee- A level which can be accessed by anyone has to be Name Age Salary introduced. We can do this by combining java access Stan ( C ) 19 ( S ) 20000 ( TS ) specifiers with MAC security levels. Thus we get Chris ( U ) 20 ( TS ) 30000 ( S ) following security levels: Morris ( C ) 26 ( C ) 25000 ( TS ) Private Stanley ( C ) 23 ( S ) 20000 ( C ) Protected Appearance of this relation to user (subject) with Default security level confidential ( C ) Public Name Age Salary Private is at highest level while public is at lowest level. Stan ( C ) NUL NUL These levels can be assigned to both subject (user) as Chris ( U ) NUL NUL well as to object (relations). Private is assigned to Morris ( U ) 26 ( C ) NUL subjects and objects which are at highest priority and are Stanley ( C ) NUL 20000 ( C ) principal part of an organization which cannot be shared to anyone inside or outside the organization. Protected is assigned to those subjects and objects which are at very The objects which are at higher level than that of subject high priority and cannot be accessed by those which are will be appeared as nul to this subject [7].