Modernising MAC: New forms for mandatory access control in an era of DRM

Abstract

By its definition "discretionary access control" or "DAC" was not designed or intended for use in the untrusted environment of current globally connected information systems. In addition, DAC assumed control and responsibility for all programs vested in the user; a situation now largely obsolete with the rapid development of the software industry itself. However, the superior "mandatory access control" or "MAC" specifications and resulting implementations proved to be unacceptable for commercially oriented systems and their managers. For example, the USA's National Security Agency's (NSA) "Secure LINUX" or "SELinux", program made available under open source arrangements in 2000, aims at changing this state so that the benefits of MAC technology could be used to "harden" commodity ICT products. This paper analyses the need to abandon DAC, suggests variations and enhancements to basic access control concepts and relates the technology to the particular requirements of the "home computer". However, the potential for this technology to be used to limit competition must also be considered as a new participant is considered, i.e. the "owner" of software or allied systems wishing to impose digital rights management (DRM) requirements on the legitimate user. © 2007 International Federation for Information Processing.