Computer Security Technology: Guest Editors' Introduction

Ames,; Neumann,

doi:10.1109/mc.1983.1654438

Cited by 2 publications

(1 citation statement)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The past thirty years or more has seen a number of security models developed, meeting complementary requirements for security in computer systems. [10,11] Experimental and "small run" operating systems have been developed and deployed using these models but none, outside the basic "access control list (ACL)" structure has really been accepted in mass market operating systems and allied software products.…”

Section: Themes and Challengesmentioning

confidence: 99%

Modernising MAC: New Forms for Mandatory Access Control in an Era of DRM

Caelli

2007

New Approaches for Security, Privacy and Trust in Complex Environments

View full text Add to dashboard Cite

By its definition "discretionary access control" or "DAC" was not designed or intended for use in the untrusted environment of current globally connected information systems. In addition, DAC assumed control and responsibility for all programs vested in the user; a situation now largely obsolete with the rapid development of the software industry itself. However, the superior "mandatory access control" or "MAC" specifications and resulting implementations proved to be unacceptable for commercially oriented systems and their managers. For example, the USA's National Security Agency's (NSA) "Secure LINUX" or "SELinux", program made available under open source arrangements in 2000, aims at changing this state so that the benefits of MAC technology could be used to "harden" commodity ICT products. This paper analyses the need to abandon DAC, suggests variations and enhancements to basic access control concepts and relates the technology to the particular requirements of the "home computer". However, the potential for this technology to be used to limit competition must also be considered as a new participant is considered, i.e. the "owner" of software or allied systems wishing to impose digital rights management (DRM) requirements on the legitimate user.

show abstract

Section: Themes and Challengesmentioning

confidence: 99%