Integrated mandatory access control for digital data
17 March 2008
This paper presents an integrated mandatory access control (MAC) framework that incorporates MAC mechanisms at both operating system and application layers for digital data. The framework uses Security-Enhanced Linux (SELinux) as the foundation for MAC at the operating system layer. It uses XACML (eXtensible Access Control Markup Language) as the base mechanism for specifying and embedding information-layer MAC policies. This framework is designed to be general-purpose, flexible, and capable of providing fine-grained access control. This paper also describes a high-level architecture of a prototype being developed for the framework. One targeted application domain for this framework is information sharing and dissemination in a multi-level security environment.
© (2008) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
George Hsieh, Gregory Patrick, Keith Foster, Gerald Emamali, Lisa Marvel, "Integrated mandatory access control for digital data", Proc. SPIE 6973, Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2008, 697302 (17 March 2008); doi: 10.1117/12.777135; https://doi.org/10.1117/12.777135
