Answer: Both mandatory access control (MAC) and discretionary access control (DAC) are important in a multiple user environment where restrictions are very important. Both are popular access control models. But they have some differences. We will find out these differences and the facts that will prove mandatory access control is better than discretionary access control.
Basically, they provide access to users in different ways. A set of levels are created in mandatory access control and every user must be assigned to a specific access level. User can access all the resources under his access level. But in discretionary access control, accesses …show more content…
What are the main deficiencies of the traditional (MAC)?
Answer: Though traditional MAC mechanism has multilevel security policy but this traditional mechanism has some limitations to fulfill many security requirements. It has limitations on data integrity, application integrity, lower privilege requirement and separation of duty. It is unable to control the relationship among a subject and executed code.
Mac mechanism is the most secure access control model but it is costly. It requires huge amount of planning before it is implemented effectively. After implantation, MAC enforces a high system management overhead because of necessity of constant update object and levels of account to contain new data. It also requires changing the category of existing users and as well as new users frequently. In MAC model, the enforcement and assignment of security levels place restrictions on user that require large part of the operating system. Furthermore it is impossible to implement MLS using mandatory access control (MAC) because whole operating system and other related utilities need to …show more content…
Explain what are the main improvements of Flask from traditional MAC?
Answer: We know that traditional MAC has several limitations such as it provides very poor support for data integrity and application integrity. It is unable to find out separation of duty in MAC and it has smallest amount of privilege requirements. For this reason, NSA and SCC jointly developed flask to overcome the limitations of traditional MAC. Flasks have several improvements over traditional MAC.
Flask provides better support for dynamic security policies during the time of transfer. Flask is a strong and flexible security model than MAC. Flask is acceptable for all mainstream operating systems. It provides flexible support for security policies. It separates the security policy logic from the enforcement mechanism. Traditional mandatory access control (MAC) is associated with performance overhead, but performance overhead is minimized in the flask architecture. Flask ensures the system to support verity of security policies. Flask supports separation policies that can restrict data. It can also establish precise roles for the users. Flask supports containment policies that can restrict or filter data access and also can protect data from viruses or other suspicious programs. Flask also supports integrity policies that can protect data and application from unauthorized users. Furthermore, Flask has invocation policies that ensure data process based on the requirement. A security level is assigned