Mandatory Access Control: Silver Bullet or Kafkaesque Nightmare?, Part 1

October 16, 2001, 12:00 AM — ITworld

Given the recent flood of new worms and viruses infecting the Net, it
is worth noting that systems designed to be impervious to these types
of threats are available. But are they really appropriate for
developing and serving Web sites? Yes and no.

A concept called Mandatory Access Control (MAC) is what sets many of
these secure operating systems apart. Though it has been around since
the 1980s, MAC is still (literally) an obscure bureaucratic methodology
not easily explained in plain language.

What is Mandatory Access Control?
MAC divides every access relationship between subjects and objects. The
subjects can be thought of as users, or anything accessing an object.
An object is the process, file, or piece of information being accessed.
All subjects are assigned domains, which can be thought of as security
clearances, and all objects are assigned types, which can be thought of
as security classifications. Security policies are created based upon
the sensitivity of the object, not at the discretion of the user that
receives it.

The subject (a user, process, or administrator) may be able to access a
file, but, because the file retains its classification label, they may
not be able to transfer it to another user, or use any system utilities
to copy it from the system. The system recognizes the label on the
file, and will not allow the file to be read or otherwise processed by
a user or process of lesser clearance. The system will check the file
for its classification, and deny another process access to the file
unless the process has adequate clearance.

How is this different from regular Unix permissions?
Regular Unix permissions can be modified by any user who owns the
file. Regardless of the sensitivity of the information in a file, it
can be copied, e-mailed, or read by a user if the file's permissions
(read, write, execute, relative to the user, their group, and Everyone)
allow it.

In a MAC system, if a file has been given a specific level of
sensitivity (or context), then the system will not allow certain users,
programs, or even administrators to perform operations on the file.
Though this may sound like a subtle difference, imagine you were able
to set a log file's sensitivity higher than that of the mailer program.
Though you could read, write, and copy the file as needed, not even an
administrator could email the file to another system because the mailer
lacks the clearance to handle information with your file's level of
classification. It is a shift in perspective: from using users
like "nobody", "uucp", "www" and their accompanying group IDs to
separate duties on the system, to requiring that each file on the
system carry authoritative security information about itself.
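
The log-file and mailer scenario above as a small model, added here as an illustration and not part of the original article. The level names, uids and file path are constructed, and a single ordered scale of levels is a simplifying assumption.

```python
from dataclasses import dataclass

# Constructed sensitivity scale; the article names no concrete levels.
LEVELS = {"public": 0, "internal": 1, "restricted": 2}

@dataclass
class Subject:
    name: str            # process or user, e.g. the mailer program
    uid: int             # Unix identity used by the discretionary check
    clearance: str       # label assigned by policy, not chosen by the subject

@dataclass
class Obj:
    path: str
    owner_uid: int
    other_read: bool     # the "Everyone" read bit of the Unix mode
    classification: str  # label that stays with the file

def dac_chmod_other_read(actor: Subject, obj: Obj, value: bool) -> bool:
    """Discretionary: the owner (or root) may change permissions at will."""
    if actor.uid in (0, obj.owner_uid):
        obj.other_read = value
        return True
    return False

def dac_can_read(subject: Subject, obj: Obj) -> bool:
    return subject.uid in (0, obj.owner_uid) or obj.other_read

def mac_can_read(subject: Subject, obj: Obj) -> bool:
    """Mandatory: clearance must meet the classification; uid 0 gets no bypass."""
    return LEVELS[subject.clearance] >= LEVELS[obj.classification]

def can_read(subject: Subject, obj: Obj, mac_enforced: bool) -> bool:
    # With MAC enforced both checks must pass; DAC alone is regular Unix.
    return dac_can_read(subject, obj) and (not mac_enforced or mac_can_read(subject, obj))

def demo() -> dict:
    owner = Subject("owner-shell", uid=1000, clearance="restricted")
    mailer = Subject("mailer-as-root", uid=0, clearance="internal")
    log = Obj("/var/log/example.log", owner_uid=1000, other_read=False,
              classification="restricted")
    dac_chmod_other_read(owner, log, True)  # owner opens the file to everyone
    return {"owner_reads": can_read(owner, log, mac_enforced=True),
            "mailer_dac_only": can_read(mailer, log, mac_enforced=False),
            "mailer_with_mac": can_read(mailer, log, mac_enforced=True)}

if __name__ == "__main__":
    print(demo())
```

The owner's permission change has no effect on the mandatory check: the mailer is refused because of its own label, even when it runs as uid 0.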

Next Week: Mandatory Access Control, Part 2: Enter SELinux

» posted by ITworld staff
