A Comprehensive Analysis of MAC Enhancements for Leveraging Distributed MAC

Increased dependability of users, businesses and government on computing systems for research and computations on sensitive data raises serious issues regarding security. Operating systems conventionally provide Discretionary Access Control (DAC, superuser logic) to maintain security. Malicious users and applications are major threats to organizations and DAC seriously fails to address the required level of security. Former research has proven that enforcement of Mandatory Access Control (MAC, security labels/contexts for subjects and objects) restricts the malicious agents to their own domain, thus eliminating risk of damage it can cause to rest of the system and data. MAC implementations depend upon access control mechanisms. These mechanisms are added to operating systems as kernel enhancements. There are four prominent kernel enhancements: RSBAC, SELinux, GRSecurity and AppArmor.