MACOW Ξ Mandatory Access Control on Open Worlds
MACOW stands for Mandatory Access Control on Open Worlds. It is a free and open source
architecture, distributed under the GPL licence, for mediating access control to
information systems. It is able to work in open environments in which new information
can be dynamically discovered, such as the scenarios fostered by new trends like the
Semantic Web, Cloud Computing and Autonomic Computing.
It is based on Description Logic as its logic formalism. This makes it possible to perform
formal verification and validation of access control. Additionally, this access control
architecture can manage both inter- and intra-domain environments, so new scenarios like
coalitions or federations can be managed.
This highlights the important role of knowledge representation in information interchange
processes between administrative domains. This issue has been successfully supported by means of
the knowledge alignment features provided by the OWL and SWRL languages.
Moreover, MACOW is able to manage distributed architectures in which the scope of access control
is focused on networks, services, computers and communications, elements available on current
In this sense, working at a conceptualization level (rather than at a level physically attached
to the elements being managed) makes it possible to overcome the limitation in scope of traditional
MAC approaches and to control networks, services and applications. So, CIM models play an
important role as the information model that guides the construction of this layer.
Regarding conflict detection, both modal and semantic kinds of conflict can be detected by MACOW. This feature
provides an added value with respect to other access control systems which are not able to detect semantic
On the other hand, the scalability of administration tasks is an important issue in system administration.
The administration tasks related to the sensitivity labels on controlled elements have been automated by means
of automated reasoning engines.