MACOW Ξ Mandatory Access Control on Open Worlds

Project Overview

MACOW stands for Mandatory Access Control on Open Worlds. It is a free and open source architecture, distributed under the GPL licence, for mediating access control to information systems. It works in open environments in which new information can be dynamically discovered, such as the scenarios fostered by new trends like the Semantic Web, Cloud Computing and Autonomic Computing.

It is based on Description Logic as its logic formalism. This enables formal verification and validation of access control. Additionally, the architecture can manage both inter- and intra-domain environments, so new scenarios such as coalitions or federations can be managed.

This highlights the important role of knowledge representation in information interchange processes between administrative domains. This has been successfully supported by means of the knowledge alignment features provided by the OWL and SWRL languages.

Moreover, MACOW is able to manage distributed architectures in which the scope of access control is focused on networks, services, computers and communications, the elements available in current information systems.

In this sense, working at a conceptualization level (rather than at a level physically attached to the elements being managed) makes it possible to overcome the limited scope of traditional MAC approaches and to control networks, services and applications. CIM models therefore play an important role as the information model that guides the construction of this layer.

Regarding conflict detection, both modal and semantic kinds of conflict can be detected in MACOW. This feature provides added value with respect to other access control systems, which are not able to detect semantic conflicts.
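The modal case can be illustrated with a small sketch, added here as an example and not taken from MACOW's own code. It treats a modal conflict as a permit rule and a deny rule for the same action whose subject classes and target classes overlap. The taxonomy, rules and function names are constructed, and plain subsumption over a class hierarchy stands in for a Description Logic reasoner, under the assumption that two classes overlap only when one subsumes the other.

```python
from itertools import combinations

# Constructed taxonomy (child -> direct parents); stands in for an OWL class hierarchy.
SUBCLASS_OF = {
    "Administrator": ["Employee"],
    "Contractor": ["Person"],
    "Employee": ["Person"],
    "DatabaseService": ["Service"],
    "PayrollDatabase": ["DatabaseService"],
    "WebService": ["Service"],
}

# Constructed rules: (id, modality, subject class, action, target class).
RULES = [
    ("r1", "permit", "Employee", "read", "DatabaseService"),
    ("r2", "deny", "Administrator", "read", "PayrollDatabase"),
    ("r3", "deny", "Contractor", "read", "Service"),
    ("r4", "permit", "Employee", "write", "WebService"),
    ("r5", "deny", "Person", "write", "DatabaseService"),
]

def ancestors(cls):
    """Return cls plus every class that subsumes it (transitive closure)."""
    seen, stack = set(), [cls]
    while stack:
        c = stack.pop()
        if c not in seen:
            seen.add(c)
            stack.extend(SUBCLASS_OF.get(c, []))
    return seen

def overlap(a, b):
    """Assumption: classes share members only if one subsumes the other."""
    return a in ancestors(b) or b in ancestors(a)

def modal_conflicts(rules):
    """Pairs of rules with opposite modality, same action, overlapping subject and target."""
    found = []
    for (i1, m1, s1, a1, t1), (i2, m2, s2, a2, t2) in combinations(rules, 2):
        if m1 != m2 and a1 == a2 and overlap(s1, s2) and overlap(t1, t2):
            found.append((i1, i2))
    return found

if __name__ == "__main__":
    for pair in modal_conflicts(RULES):
        print("modal conflict:", pair)
```

Rules r1 and r2 never name the same classes, so a literal comparison of the rules would miss the clash; it only appears once the hierarchy is taken into account.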

On the other hand, the scalability of administration tasks is an important issue in system administration. The administration tasks related to label sensitivity on controlled elements have been automated by means of automated reasoning engines.