Data protection is an increasingly important topic. For companies in particular it’s become absolutely necessary to have a comprehensive security strategy in order to protect customer data and internal information from falling into the wrong hands. That’s why each user has limited access rights, which are checked each time data is requested.

There are a number of options available for implementing and maintaining access control, including Mandatory Access Control. This model is also used in the political and military branches, which require tamper-proof protection of data. Keep reading to find out how this rule-based access control works and what its pros and cons are.

What is Mandatory Access Control?

In order to protect data and system settings from unauthorised access and changes, companies usually only give users the privileges that they require to do their jobs. The definition and allocation of access privileges can get very complex, even for mid-sized businesses. Every company is divided into different departments, usually including finance, marketing, and HR departments. The employees in each of these different departments require different access rights to fulfil their jobs. And individual employees sometimes also need special additions to their rights, depending on their exact role in the company. Various security strategies were developed to effectively implement and keep track of these differing access rights. Mandatory Access Control is one of these strategies. When using MAC, each user only has access to the resources that they absolutely need. The word ‘mandatory’ already hints at the fact that access control is rule-based and must be complied with.

Fact

The above-mentioned ‘resources’ include objects, files, and IT systems.

Organisation of access with MAC

Access rights are usually granted by a system administrator and assigned by someone in the company who has sufficient knowledge of the tasks of each user. This ensures that employees can do their jobs without hitting any walls. Implementation and updates are usually carried out automatically by the operating system or a security kernel. When a user tries to access data, the system will either grant them access or deny their request. This kind of automated implementation is the best way to prevent tampering.

Decisions about access rights are usually made based on the following factors:

  • Users and processes
  • Objects: the resources that are being accessed
  • Rules and properties: categorisations, labels, and code words

Mandatory Access Control uses a hierarchical approach: Each object in a file system is assigned a security level, based on the sensitivity of the data. Examples of security levels include ‘confidential’ and ‘top secret’. Users and devices are ranked in the same way. When a user tries to access a resource, the system automatically checks whether or not they are allowed access. Additionally, all users and information are assigned a category, which is also checked when a user requests access. Users must fulfil both criteria – security level and category – in order to access data.

Note

Role Based Access Control (RBAC) is an alternative security model, which abstracts work processes into roles and assigns access restrictions based on those roles.

Forms of Mandatory Access Control

There are two forms of Mandatory Access Control:

Multilevel security systems

This model is the original, simpler form of MAC, which consists of a vertical structure of security levels. Information can only move within these areas. Users are also assigned a security level, and they can only access information on the same or lower security levels.

Multilateral security systems

These systems are more complex and assign access based on segments, which form groups. These groups consist of security levels and code words. This gives rise to a horizontal security system, which contains additional vertical security levels.
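
The access check described above (security level plus category, with access only to the same or lower levels), as an added Python example that is not part of the original article. The level names other than ‘confidential’ and ‘top secret’, the modelling of categories as a set, and all user and file names are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):
    # Ordered security levels; 'confidential' and 'top secret' come from the
    # article, the other two are assumed here to fill out the hierarchy.
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

@dataclass(frozen=True)
class Label:
    level: Level
    categories: frozenset = frozenset()  # assumption: a label may carry several

def may_access(subject, obj):
    """Return (allowed, reason). Missing labels are denied (fail closed)."""
    if subject is None or obj is None:
        return False, "unlabelled subject or object"
    # Vertical check: only the same or a lower security level is readable.
    if subject.level < obj.level:
        return False, "security level too low"
    # Horizontal check: the subject must hold every category on the object.
    missing = obj.categories - subject.categories
    if missing:
        return False, "missing category: " + ", ".join(sorted(missing))
    return True, "level and category satisfied"

# Constructed sample labels (users, files and categories are hypothetical).
SUBJECTS = {
    "alice": Label(Level.TOP_SECRET, frozenset({"finance"})),
    "bob": Label(Level.CONFIDENTIAL, frozenset({"finance", "hr"})),
}
OBJECTS = {
    "payroll.xlsx": Label(Level.CONFIDENTIAL, frozenset({"finance", "hr"})),
    "budget.pdf": Label(Level.SECRET, frozenset({"finance"})),
    "canteen-menu.txt": Label(Level.UNCLASSIFIED),
}

def decide(user, resource):
    # .get() returns None for an unknown user or resource, which is denied.
    return may_access(SUBJECTS.get(user), OBJECTS.get(resource))

if __name__ == "__main__":
    for user in ("alice", "bob", "mallory"):
        for resource in OBJECTS:
            allowed, reason = decide(user, resource)
            print(f"{user:8} {resource:18} {'GRANT' if allowed else 'DENY':5} {reason}")
```

In this sample, alice holds the highest level yet is denied payroll.xlsx because she lacks the hr category, while bob is denied budget.pdf on level alone.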

What are the pros and cons of MAC?

Mandatory Access Control is one of the most secure access systems, as it’s pretty much tamper-proof. Unlike with RBAC, users cannot make changes. The checking and enforcing of access privileges is completely automated. This lends Mandatory Access Control a high level of confidentiality. Furthermore, the system boasts a high level of integrity: Data cannot be modified without proper authorisation and are thus protected from tampering.

However, MAC requires detailed planning and greater administrative work. You’ll need to regularly check and update each assignment of access rights to objects and users. Maintenance work also includes adding new data or users and implementing changes in categorisations and classifications. There is usually only a single person who is authorised to carry out these tasks. This ensures a high level of security but requires a lot of work from the administrator.

Where is MAC implemented?

The high levels of confidentiality and integrity mean that Mandatory Access Control is used in areas that deal with sensitive data and require a high level of security. This typically includes the military, government, politics, foreign trade, healthcare, and intelligence. But MAC also has uses for normal companies. The security system Security-Enhanced Linux (SELinux), for example, is based on an implementation of MAC in the Linux kernel.

Note

SELinux has two further implementations: Type enforcement (TE) and Role Based Access Control (RBAC).
