Mandatory Access Control (MAC): how does it work?
Data protection is an increasingly important topic. For companies in particular it’s become absolutely necessary to have a comprehensive security strategy in order to protect customer data and internal information from falling into the wrong hands. That’s why each user has limited access rights, which are checked each time data is requested.
There are a number of options available for implementing and maintaining access control, including Mandatory Access Control. This model is also used in the political and military branches, which require tamper-proof protection of data. Keep reading to find out how this rule-based access control works and what its pros and cons are.
What is Mandatory Access Control?
In order to protect data and system settings from unauthorised access and changes, companies usually only give users the privileges that they require to do their jobs. The definition and allocation of access privileges can get very complex, even for mid-sized businesses. Every company is divided into different departments, usually including finance, marketing, and HR departments. The employees in each of these different departments require different access rights to fulfil their jobs. And individual employees sometimes also need special additions to their rights, depending on their exact role in the company. Various security strategies were developed to effectively implement and keep track of these differing access rights. Mandatory Access Control is one of these strategies. When using MAC, each user only has access to the resources that they absolutely need. The word ‘mandatory’ already hints at the fact that access control is rule-based and must be complied with.
The above-mentioned ‘resources’ include objects, files, and IT systems.
Organisation of access with MAC
Access rights are usually granted by a system administrator and assigned by someone in the company who has sufficient knowledge of the tasks of each user. This ensures that employees can do their jobs without hitting any walls. Implementation and updates are usually carried out automatically by the operating system or a security kernel. When a user tries to access data, the system will either grant them access or deny their request. This kind of automated implementation is the best way to prevent tampering.
Decisions about access rights are usually made based on the following factors:
- Users and processes
- Objects: the resources that are being accessed
- Rules and properties: categorisations, labels, and code words
Mandatory Access Control uses a hierarchical approach: Each object in a file system is assigned a security level, based on the sensitivity of the data. Examples of security levels include ‘confidential’ and ‘top secret’. Users and devices are ranked in the same way. When a user tries to access a resource, the system automatically checks whether or not they are allowed access. Additionally, all users and information are assigned a category, which is also checked when a user requests access. Users must fulfil both criteria – security level and category – in order to access data.
Role Based Access Control (RBAC) is an alternative security model, which abstracts work processes into roles and assigns access restrictions based on those roles.
Forms of Mandatory Access Control
There are two forms of Mandatory Access Control:
Multilevel security systems
This model is the original, simpler form of MAC, which consists of a vertical structure of security levels. Information can only move within these areas. Users are also assigned a security level, and they can only access information on the same or lower security levels.
Multilateral security systems
These systems are more complex and assign access based on segments, which form groups. These groups consist of security levels and code words. This gives rise to a horizontal security system, which contains additional vertical security levels.
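The two-part check described above (security level and category) can be written as a short decision function. This is an added Python example, not code from the article or from any MAC product: an object without categories is handled as in a multilevel system, and an object with categories as in a multilateral one. The level names other than 'confidential' and 'top secret', the users and the file names are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    # 'confidential' and 'top secret' come from the article; the other
    # two levels are assumed here to complete the hierarchy.
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Label:
    level: Level
    categories: frozenset = frozenset()


def check_access(subject: Label, obj: Label) -> tuple[bool, str]:
    """Return (allowed, reason). Both criteria must hold."""
    if subject.level < obj.level:
        return False, f"level {subject.level.name} below {obj.level.name}"
    missing = obj.categories - subject.categories
    if missing:
        return False, "missing categories: " + ", ".join(sorted(missing))
    return True, "level and categories satisfied"


# Constructed sample labels (hypothetical users and files).
SUBJECTS = {
    "alice": Label(Level.SECRET, frozenset({"finance"})),
    "bob": Label(Level.TOP_SECRET, frozenset({"hr"})),
    "carol": Label(Level.CONFIDENTIAL, frozenset({"finance", "hr"})),
}
OBJECTS = {
    "budget.xlsx": Label(Level.CONFIDENTIAL, frozenset({"finance"})),
    "salaries.csv": Label(Level.SECRET, frozenset({"finance", "hr"})),
    "newsletter.txt": Label(Level.UNCLASSIFIED),
}


def decide(user: str, resource: str) -> bool:
    # Default deny: an unlabelled user or resource is never granted access.
    if user not in SUBJECTS or resource not in OBJECTS:
        return False
    return check_access(SUBJECTS[user], OBJECTS[resource])[0]
```

In this sample data, bob holds the highest level but is still denied `budget.xlsx` because he lacks the finance category, and carol holds both categories but is denied `salaries.csv` because her level is too low.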
What are the pros and cons of MAC?
Mandatory Access Control is one of the most secure access systems, as it’s pretty much tamper-proof. Unlike with RBAC, users cannot make changes. The checking and enforcing of access privileges is completely automated. This lends Mandatory Access Control a high level of confidentiality. Furthermore, the system boasts a high level of integrity: Data cannot be modified without proper authorisation and are thus protected from tampering.
However, MAC requires detailed planning and greater administrative work. You’ll need to regularly check and update each assignment of access rights to objects and users. Maintenance work also includes adding new data or users and implementing changes in categorisations and classifications. There is usually only a single person who is authorised to carry out these tasks. This ensures a high level of security but requires a lot of work from the administrator.
Where is MAC implemented?
The high levels of confidentiality and integrity mean that Mandatory Access Control is used in areas that deal with sensitive data and require a high level of security. This typically includes the military, government, politics, foreign trade, healthcare, and intelligence. But MAC also has uses for normal companies. The security system Security-Enhanced Linux (SELinux), for example, is based on an implementation of MAC in the Linux kernel.
SELinux also implements two further models: Type Enforcement (TE) and Role Based Access Control (RBAC).