2. Access Control Models Contents.pdf

Implementation of Mandatory Access Control in Role-based Security System CSE367 Final Project Report Professor Steve Demurjian Fall 2001 Jin Ma Computer Science Engineering The University of Connecticut Storrs, CT 06269-3155 1 Contents Abstract 1. Introduction 2. Access Control Models 2.1 Mandatory Access Control (MAC) 2.2 Role-based Access Control (RBAC) 2.3 Combination of MAC and RBAC 3. Framework of Existing Role-based Security System 3.1 Software Architecture 3.2 The Unified Security Resource (USR) 4. Implementation 4.1 Modify Database Schema 4.2 Modify Resource Information 4.3 Modify Security System 4.4 Modify IDL 4.5 Modify GUI 4.6 Some ScreenShots 5. Conclusion and Future Work 6. Reference 2 Abstract Role-based access control has been introduced along with claims that its mechanisms are general enough to incorporate the traditional access control models: mandatory access control (MAC) and discretionary access control (DAC). This report provides a realization of mandatory access control in an existing role-based security system by labeling all users with clearances and all other data objects with classifications. Implementation steps are presented and future direction is discussed. 1. Introduction Role based access control (RBAC) has recently received considerable attention, particularly for commercial sectors. Under the RBAC framework, users are granted membership into roles based on their competencies and responsibilities in the organization. This simplifies the administration and management of privileges; roles can be updated without updating the privileges for every user on an individual base. Role-based Access is generally recognized as being the most flexible form of access control [4,5]. Traditional mandatory access control (MAC) is associated with military or sensitive national security inform