[SAC-TAC Logo]

Strong Access Control (SAC)
Technology Advocacy Committee (SAC-TAC)

The SAC Technology Advocacy Committee is a group whose mission is to advance Strong Access Control (SAC) technology and increase its awareness in the marketplace. Strong Access Control refers to mechanisms that provide effective protection and assured behavior under concerted and sophisticated attack, and includes mechanisms such as multilevel security.

Strong Access Control (SAC) includes a class of non-discretionary access control approaches that have demonstrated strength for both enforcement and resistance to bypass. These approaches are generally label-based. They include traditional multilevel security (MLS) approaches with hierarchical labels and approaches that use non-hierarchical labels to provide strong domain separation (DS). They provide either strongly controlled sharing or strongly controlled separation. Other methods use encryption technology for enforcement with sharing managed through control of access to the keys.

Although SAC technology does exist, it is neither wide-spread or well-known. Initial research into the technology was driven by the defense and intelligence communities, and commercial product evaluation encouraged development of SAC products. Attempts were made to market the technology to the commercial community, but these did not achieve large-scale success. A key problem was the paucity of modern and usable applications designed to incorporate SAC technology (with the exception of multilevel databases). A second key problem was the perception of system managers that SAC technology would be both more expensive to manage and would inhibit users in performing their work.

Today, the need for strong access control has seen a rebirth among government users due to recent laws, directives, and regulations, and there has been growing interest in the technology among commercial entities. Today, most enterprises have a a generally unrecognized need for some mixture of both the traditional multilevel security (MLS) solutions as well as domain separation (DS) solutions. DS provides separation with a strength much greater than that provided by traditional discretionary access controls (for example, DS technology can provide strong protection of private financial data on a public system without the need for separate systems).

SAC-TAC has the following goals:

  1. To increase market awareness and demand for SAC technology and products.
  2. To facilitate interoperability of SAC products.
  3. To identify commercial and research opportunities for SAC.
  4. To enhance communication within the SAC community.
  5. To define the appropriate resistance for attack for SAC products.

[ACSA Logo] © 2001 Applied Computer Security Associates