The three layers of access controls include the Type Enforcement (TE), Multi-Level Security (MLS), and the Role Based Access Controls (RBAC). In the Type Enforcement access control, every system object is given a type. The types then define policies that describe access between these sets of types. Besides, the TE set both processes and files through its fine-grained permissions. On the other hand, the RBAC enables users to be allocated some tasks which restrict or support actions. With this, the security managers can give users the power of the account source without giving them total control over the system.
For example, the user can be given the role of Mail administrator and at the same time take control of the mail server without requiring root access. Lastly, the MLS allows for different security level that classified information to be shared, it requires system governance which contains data that is classified. In this case, the given scenario represented is MAC, that is, objects such as files are constructed, and a subject is usually the process with security qualities. Whenever a subject tries to locate an object, a supporting rule is made by the operating system which checks the security quality and decides if access will be granted.
Basing on security recommendations, in DAC, the object owner defines the subjects that can access the object. It is called discretionary since the control of access is based on the owner’s option, and Linux is one of the operating systems which are based on DAC model. In this case, the operating system makes access to the control depending on the access rights you planned. However, in MAC, the system defines the subjects that can access particular data objects. Subjects are offered security allowance and security classification is given to the data objects since the MAC is a security-based model and classification and clearance data are kept in the security labels.
- Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Cuppens-Boulahia, N., Cuppens, F., & Garcia-Alfaro, J. (2012). Data and applications security and privacy XXVI: 26th Annual IFIP WG 11.3 Conference, DBSec 2012, Paris, France, July 11-13,2012. Proceedings. Berlin: Springer.
- Design Automation Conference, Association for Computing Machinery, ACM Special Interest Group on Design Automation, Design Automation Workshop, & ACM IEEE Design Automation Conference. (2006). Design Automation Conference: DAC. New York, NY: Association for Computing Machinery.
- Phillips, C. E., & Demurjian, S. A. (2004). Security assurance for a resource-based RBAC/DAC/MAC security model.
- Vacca, J. R. (2013). Computer and information security handbook. Amsterdam: Morgan Kaufmann Publishers is an imprint of Elsevier.