Abstract

Among the access control methods for database security is the Mandatory Access Control (MAC) model, in which a security level is assigned to both the subject and the object to strengthen security control. Legacy MAC models have focused on only one property, either confidentiality or integrity. As a result, security policies can collide when confidentiality and integrity must be supported simultaneously. In addition, they do not provide a granular security class policy for subjects and objects in terms of subjects' roles or tasks. In this paper, we present the security policies of the Bell-LaPadula (BLP) model and the Biba model as one complemented policy. In addition, a Duties Separation and Data Coloring (DSDC)-MAC model applying a new data coloring security method is proposed to enable granular access control from the viewpoint of Segregation of Duty (SoD). A case study demonstrates that the proposed model remains practical through the design of a Human Resources management system. The proposed model is suitable for organizations such as military forces or intelligence agencies, where confidential information should be carefully handled. Furthermore, this model is expected to protect systems against malicious insiders and improve the confidentiality and integrity of data.

Highlights

  • In the Emerging Cyber Threats Report 2015 published by Georgia Tech, the attack of rogue insiders was pointed out as one of the emerging cyber threats

  • (1st-grade/Top Secret) in Task#1 can access data classified as 1st, 2nd and 3rd grades as well as general-level data within the relevant task category. The access policies above define all the individual task categories, and under each task category, subjects, objects and security keys are linked and defined. It focuses on the primary characteristics of the access control model, compares the proposed model with the legacy Mandatory Access Control (MAC) models and discusses the characteristics and limitations of the proposed model

  • This study suggested a Duties Separation and Data Coloring (DSDC)-MAC model and security policies that can improve both the confidentiality and integrity of MAC models such as the Bell-LaPadula (BLP) model and Biba using Segregation of Duty (SoD) and data coloring techniques


Summary

Introduction

In the Emerging Cyber Threats Report 2015 published by Georgia Tech, the attack of rogue insiders was pointed out as one of the emerging cyber threats. Security incidents caused by malicious insiders cause significant damage to companies, but solutions are not easy to find. To address such evolving insider threats, it is necessary to develop stronger access control technologies that can detect anomalous behaviors. Given the dynamics and uncertainty of the current network environment, access control is one of the most important factors in guaranteeing network information security. How to construct a scientific and accurate access control model is a current research focus. In actual access control mechanisms, users with high trust values bring better benefits, but the losses will be greater once cheating access is adopted (Wang et al., 2019).
