Monday, May 10, 2010

Mandatory Access Control system

Access control mechanisms are a necessary and crucial design element of any application's security. In general, a web application should protect front-end and back-end data and system resources by implementing access control restrictions on what users can do, which resources they can access, and which functions they are allowed to perform on the data. Ideally, an access control scheme should protect against the unauthorized viewing, modification, or copying of data. Access control mechanisms can also help limit malicious code execution or unauthorized actions by an attacker who exploits infrastructure dependencies (DNS server, ACE server, etc.).

Authorization and access control are terms often mistakenly used interchangeably. Authorization is the act of checking whether a user has the proper permission to access a particular file or perform a particular action, assuming that user has already authenticated successfully. Authorization is very much credential focused and depends on specific rules and access control lists preset by the web application administrator(s) or data owners. Typical authorization checks involve querying for membership in a particular user group, possession of a particular clearance, or looking up that user on a resource's approved access control list, much like a bouncer at an exclusive nightclub checking the guest list. Any access control mechanism clearly depends on effective and forge-resistant authentication controls feeding the authorization decision.

Mandatory Access Control (MAC) ensures that the enforcement of organizational security policy does not rely on voluntary compliance by web application users. MAC secures information by assigning sensitivity labels to information and comparing them to the sensitivity level at which a user is operating. In general, MAC mechanisms are more secure than Discretionary Access Control (DAC), where resource owners set permissions themselves, but they carry trade-offs in performance and convenience for users. MAC mechanisms assign a security level to all information, assign a security clearance to each user, and ensure that users only have access to the data for which they hold a clearance. MAC is usually appropriate for extremely secure systems, including multilevel secure military applications or mission-critical data applications. A MAC model often exhibits one or more of the following attributes.

  • Only administrators, not data owners, make changes to a resource's security label.
  • All data is assigned a security level that reflects its relative sensitivity, confidentiality, and protection value.
  • All users can read from a lower classification than the one they are granted (a "secret" user can read an unclassified document).
  • All users can write to a higher classification (a "secret" user can post information to a Top Secret resource).
  • All users are given read/write access to objects only of the same classification (a "secret" user can only read/write a secret document).
  • Access to objects is authorized or restricted based on the time of day, depending on the labeling of the resource and the user's credentials (driven by policy).
  • Access to objects is authorized or restricted based on the security characteristics of the HTTP client (e.g. SSL bit length, version information, originating IP address or domain, etc.).
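The read-down / write-up / same-level rules in the list above are the simple security property and *-property of the Bell-LaPadula model. The following is an added example, not code from the original post: a small reference monitor that encodes labels as a level plus optional need-to-know compartments (the compartments and the admin-only relabel step are assumptions for illustration) and decides read and write requests the way a MAC policy would.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """Hierarchical sensitivity levels; higher value means more sensitive."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Label:
    """A security label: a level plus an (assumed) set of compartments."""
    level: Level
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # A label dominates another when its level is at least as high
        # and it carries every compartment the other label carries.
        return self.level >= other.level and self.compartments >= other.compartments


def can_read(subject: Label, obj: Label) -> bool:
    # Simple security property ("no read up"): the user's clearance must
    # dominate the object's label. A SECRET user can read UNCLASSIFIED data.
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    # *-property ("no write down"): the object's label must dominate the
    # user's clearance, so information only flows to equal or higher labels.
    return obj.dominates(subject)


def decide(subject: Label, obj: Label, action: str) -> bool:
    """Reference-monitor entry point; unknown actions are denied by default."""
    checks = {"read": can_read, "write": can_write}
    return action in checks and checks[action](subject, obj)


def relabel(is_admin: bool, obj: Label, new_label: Label) -> Label:
    """Only administrators may change a resource's label (assumed admin flag);
    data owners get a PermissionError instead of a silent no-op."""
    if not is_admin:
        raise PermissionError("only administrators may relabel resources")
    return new_label
```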
