Strong Access Control (SAC)
Technology Advocacy Committee
The SAC Technology Advocacy Committee is a group whose mission is
to advance Strong Access Control (SAC) technology and increase its awareness in
the marketplace. Strong Access Control refers to mechanisms that provide
effective protection and assured behavior under concerted and sophisticated
attack, and includes mechanisms such as multilevel security.
Strong Access Control (SAC) includes a class of non-discretionary
access control approaches that have demonstrated strength for both enforcement
and resistance to bypass. These approaches are generally label-based. They
include traditional multilevel security (MLS) approaches with hierarchical
labels and approaches that use non-hierarchical labels to provide strong domain
separation (DS). They provide either strongly controlled sharing or strongly
controlled separation. Other methods use encryption technology for enforcement
with sharing managed through control of access to the keys.
Although SAC technology does exist, it is neither wide-spread or
well-known. Initial research into the technology was driven by the defense and
intelligence communities, and commercial product evaluation encouraged
development of SAC products. Attempts were made to market the technology to the
commercial community, but these did not achieve large-scale success. A key
problem was the paucity of modern and usable applications designed to
incorporate SAC technology (with the exception of multilevel databases). A
second key problem was the perception of system managers that SAC technology
would be both more expensive to manage and would inhibit users in performing
Today, the need for strong access control has seen a rebirth among
government users due to recent laws, directives, and regulations, and there has
been growing interest in the technology among commercial entities. Today, most
enterprises have a a generally unrecognized need for some mixture of both the
traditional multilevel security (MLS) solutions as well as domain separation
(DS) solutions. DS provides separation with a strength much greater than that
provided by traditional discretionary access controls (for example, DS
technology can provide strong protection of private financial data on a public
system without the need for separate systems).
SAC-TAC has the following goals:
- To increase market awareness and demand for SAC technology and
- To facilitate interoperability of SAC products.
- To identify commercial and research opportunities for SAC.
- To enhance communication within the SAC community.
- To define the appropriate resistance for attack for SAC