A design of MAC model based on the separation of duties and data coloring: DSDC-MAC

Soon Book Lee, Yoo Hwan Kim, Jin Woo Kim, Chee Yang Song

Research output: Contribution to journalArticlepeer-review

Abstract

Among the access control methods for database security, there is Mandatory Access Control (MAC) model in which the security level is set to both the subject and the object to enhance the security control. Legacy MAC models have focused only on one thing, either confidentiality or integrity. Thus, it can cause collisions between security policies in supporting confidentiality and integrity simultaneously. In addition, they do not provide a granular security class policy of subjects and objects in terms of subjects' roles or tasks. In this paper, we present the security policy of Bell_LaPadula Model (BLP) model and Biba model as one complemented policy. In addition, Duties Separation and Data Coloring (DSDC)-MAC model applying new data coloring security method is proposed to enable granular access control from the viewpoint of Segregation of Duty (SoD). The case study demonstrated that the proposed modeling work maintains the practicality through the design of Human Resources management System. The proposed model in this study is suitable for organizations like military forces or intelligence agencies where confidential information should be carefully handled. Furthermore, this model is expected to protect systems against malicious insiders and improve the confidentiality and integrity of data.

Original languageEnglish
Pages (from-to)72-91
Number of pages20
JournalJournal of Computer Science
Volume16
Issue number1
DOIs
StatePublished - 2020

Keywords

  • Complemented BLP and Biba model
  • Data coloring access control
  • Mandatory access control (MAC)
  • Security key authorization
  • SoD-driven access control

Fingerprint

Dive into the research topics of 'A design of MAC model based on the separation of duties and data coloring: DSDC-MAC'. Together they form a unique fingerprint.

Cite this