A Design of MAC Model Based on the Separation of Duties and Data Coloring: DSDC-MAC
- 1 ROK Navy, Korea
- 2 University of Nevada Las Vegas (UNLV), United States
- 3 Kyungpook National University, Korea
Abstract
Among the access control methods for database security, there is Mandatory Access Control (MAC) model in which the security level is set to both the subject and the object to enhance the security control. Legacy MAC models have focused only on one thing, either confidentiality or integrity. Thus, it can cause collisions between security policies in supporting confidentiality and integrity simultaneously. In addition, they do not provide a granular security class policy of subjects and objects in terms of subjects' roles or tasks. In this paper, we present the security policy of Bell_LaPadula Model (BLP) model and Biba model as one complemented policy. In addition, Duties Separation and Data Coloring (DSDC)-MAC model applying new data coloring security method is proposed to enable granular access control from the viewpoint of Segregation of Duty (SoD). The case study demonstrated that the proposed modeling work maintains the practicality through the design of Human Resources management System. The proposed model in this study is suitable for organizations like military forces or intelligence agencies where confidential information should be carefully handled. Furthermore, this model is expected to protect systems against malicious insiders and improve the confidentiality and integrity of data
DOI: https://doi.org/10.3844/jcssp.2020.72.91
Copyright: © 2020 Soon-Book Lee, Yoo-Hwan Kim, Jin-Woo Kim and Chee-Yang Song. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
- 3,702 Views
- 1,781 Downloads
- 0 Citations
Download
Keywords
- Mandatory Access Control (MAC)
- SoD-driven Access Control
- Data Coloring Access Control
- Security Key Authorization
- Complemented BLP and Biba Model