Mandatory Access Control

(MAC)
 Introduction
•What is MAC?
•A security model that restricts access to data based on predefined security labels
assigned to subjects (users) and objects (data).
•Enforced by the system, not by individual users (unlike DAC).
•Typically used in high-security environments (government, military).
•Key components of MAC:
•Security labels: Classify subjects and objects based on sensitivity.
•Security policy: Defines the rules for access based on security labels.
•Enforcement mechanism: Verifies access requests against the security policy .
Mandatory Control
Key Points of the scheme:

• Each data object is assigned a classification level

• Each user is assigned a clearance level

• Users with a clearance level i can only access data object whose
classification level j is lower than or equal to i.

• The classification and clearance levels have the same number of possibilities

• These levels form a strict ordering hierarchy

Mandatory Control –
Security Classification Method
Example
User Clearance level
Directors: 4 (top secrecy)
Senior managers 3
Managers 2
Authorized clerks 1
Anybody 0

Objects select update delete

table 1 2 3 4
attribute 1 1 2 3
attribute 2 1 2 2
table 2 1 1 2
attribute 1 0 1 1
Mandatory Control –
Security Classification Method

Questions:

According to the information given in the tables:

• what is a manager's access right?

• Is a manager allowed to delete a data item from the

attribute 1 of Table 1?

• Who can select attribute 1 of the Table 2?

Mandatory Control –
Security Classification Method

Answers:

According to the information given in the tables:

• what is a manager's access right?
select tables 1 and 2;
update table 2 and attributes 1 and 2 of table 1;
delete table 2 and attribute 2 of table 1.

• Is a manager allowed to delete a data item from the

attribute 1 of Table 1?
No

• Who can select attribute 1 of Table 2?

Everyone!
Comparison

Discretionary control
• more widely used due to its flexibility
• supported by current SQL standard

Mandatory control approach

• with more rigid structure
• suitable for organisations with strict requirement for
security and hierarchy (e.g. government, defence
systems, for sensitive/classified information)
MAC
Models
•Bell-LaPadula (BLP) Model: Focuses on confidentiality.
•Simple security property: A subject can read an object only if the subject's
clearance level is greater than or equal to the object's classification level.
•*-property (star property): A subject can write to an object only if the
subject's clearance level is less than or equal to the object's classification
level.

•Biba Model: Focuses on integrity.

•Simple integrity property: A subject can read an object only if the subject's
integrity level is less than or equal to the object's integrity level.
•*-integrity property: A subject can write to an object only if the subject's
integrity level is greater than or equal to the object's integrity level.
Implementation
Considerations
•Labeling: Assigning appropriate security labels
to subjects and objects.

•Policy enforcement: Implementing mechanisms

to verify access requests against the security
policy.

•Covert channels: Identifying and mitigating

potential ways for information to flow against the
security policy.
Challenges and
Limitations
•Rigidity: MAC can be overly restrictive in some
environments.

•Complexity: Implementing and managing MAC can be

complex.

•User inconvenience: MAC can be difficult for users to

understand and work with.
Comparison with
DAC
•DAC: Users have control over access
permissions.
•MAC: System enforces access controls based on
predefined labels.
•DAC: More flexible but less secure.
•MAC: Less flexible but more secure
Real-World Examples

•Government classified information systems

•Military networks
•Nuclear power plants
Conclusion
MAC is a critical access control model for protecting highly sensitive information.
Understanding its principles, models, and challenges is essential for designing and
implementing secure systems.