Dynamic mandatory access control for multiple stakeholders

Vikhyath Rao, Trent Jaeger

Research output: Chapter in Book/Report/Conference proceedingConference contribution

15 Scopus citations


In this paper, we present a mandatory access control system that uses input from multiple stakeholders to compose policies based on runtime information. In the emerging open cell phone system environment, many devices run software whose access permissions depends on multiple stakeholders, such as the device owner, the service provider, the application owner, etc., rather than a single system administrator. However, current access control administration remains as either discretionary, allowing the running and perhaps compromised process to administer permissions, or mandatory, requiring a system administrator to know all permissions for all possible legal runs. A key problem is that users may download arbitrary programs to their devices, requiring that the system contain such programs while allowing some reasonable functionality. However, such programs may need access to permissions that in combination with other conflicting permissions may lead to an attack, such as allowing voice-over-IP calls. In our approach, we use a "soft" sand-boxing mechanism to first contain such processes, request the stakeholder to authorize operations outside the sandbox that are not prohibited by policy, and maintain a runtime execution role for the process to identify its access state to the stakeholders. We define a proxy policy server that caches and combines stakeholder policies to make such access decisions. Our framework was implemented by modifying the SELinux module and using a remote proxy policy server, although a local proxy policy server is also possible. We incur a 0.288 μs performance overhead only when stakeholders need to be consulted, and new permissions are cached.

Original languageEnglish (US)
Title of host publicationSACMAT'09 - Proceedings of the 14th ACM Symposium on Access Control Models and Technologies
Number of pages10
StatePublished - 2009
Event14th ACM Symposium on Access Control Models and Technologies, SACMAT 2009 - Stresa, Italy
Duration: Jun 3 2009Jun 5 2009

Publication series

NameProceedings of ACM Symposium on Access Control Models and Technologies, SACMAT


Other14th ACM Symposium on Access Control Models and Technologies, SACMAT 2009

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Information Systems


Dive into the research topics of 'Dynamic mandatory access control for multiple stakeholders'. Together they form a unique fingerprint.

Cite this