- What is the order of precedence between the discretionary access check and the mandatory integrity check? Please explain.
- Suppose kkk.exe running with low integrity downloads an executable from unknownsite.com. Can the downloaded executable write to %SystemRoot%\System32? Why or why not?
Part 1: Access control models mainly deal with 3 types:
- Discretionary Access Control (DAC)
- Mandatory Access Control or Mandatory integrity check (MAC)
- and a combination of these two access methods, named the LaPadula access model.
In some cases only DAC is used and in others only MAC is used. But when the need arises for extra security and privacy, both access methods are used together in a certain order of precedence, as follows:
The Bell-LaPadula model implements a combination of DAC and MAC access controls, and is primarily concerned with the confidentiality of the resource in question. Generally, in cases where we see DAC and MAC implemented together, MAC takes precedence over DAC, and DAC works within the accesses allowed by the MAC permissions. For example, we might have a resource that is classified as secret and a user that has a secret level of clearance, normally allowing them to access the resource under the accesses allowed by MAC. However, we might also have an additional layer of DAC under the MAC access, and if the resource owner has not given the user access, they would not be able to access it, despite the MAC permissions.
Such a combination adds an extra layer of protection against breaches of security and minimizes access by unauthorized users. But the order of precedence only matters when both access methods are used. You can read about the LaPadula model in detail, but as far as the order of precedence is concerned, this information suffices.
Part 2: Coming to the question of the low integrity rights of an .exe file: suppose kkk.exe running with low integrity downloads an executable from unknownsite.com. Then yes, the downloaded executable can write to %SystemRoot%\System32 and corrupt/modify the root files which govern the OS operations of the PC. As kkk.exe is running with low integrity, it all depends on which access control methods are used to allow the access of the .exe file. The .exe file can be a compressed file signed by, say, a Microsoft signature (which may or may not contain protocols to detect some new type of Trojan horse) and on decompressing can turn out to be a Trojan horse. If the access method allows the file to write to %SystemRoot% by ticking it safe (as it is signed by a Microsoft signature), it may cause the Trojan horse to embed itself in the system files. If 2 or 3 layers of access controls are used which do not give access to write to %SystemRoot% even if it is ticked safe by Microsoft, then it may cause no harm and may also be red flagged as a threat.
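
The ordering described in Part 1, as an added example that is not part of the original answer: a small reference monitor in Python that runs the mandatory check first and consults the owner's ACL only if that check passes. The level names, `Resource`, `check_access` and the sample users are assumptions made up for illustration, and the write rule (Bell-LaPadula's "no write down") goes beyond the read case the answer describes.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    # Constructed sensitivity levels (assumption; the answer only names "secret").
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass
class Resource:
    name: str
    classification: Level
    # DAC: owner-managed ACL, user -> set of granted modes ("read", "write").
    acl: dict = field(default_factory=dict)


@dataclass(frozen=True)
class Decision:
    allowed: bool
    decided_by: str  # the stage that produced the final answer: "MAC" or "DAC"
    reason: str


def mac_permits(clearance: Level, classification: Level, mode: str) -> bool:
    """Bell-LaPadula rules: no read up, no write down."""
    if mode == "read":
        return clearance >= classification
    if mode == "write":
        return clearance <= classification
    return False  # unknown modes fail closed


def check_access(user: str, clearance: Level, res: Resource, mode: str) -> Decision:
    # Stage 1: mandatory check. A denial here is final; the ACL is never read.
    if not mac_permits(clearance, res.classification, mode):
        return Decision(False, "MAC", f"{clearance.name} may not {mode} {res.classification.name}")
    # Stage 2: discretionary check, only within what MAC already allows.
    if mode not in res.acl.get(user, set()):
        return Decision(False, "DAC", f"owner has not granted {mode} to {user}")
    return Decision(True, "DAC", "permitted by both checks")


# Constructed sample data: hypothetical users and resources.
plans = Resource("plans.doc", Level.SECRET, acl={"bob": {"read"}, "carol": {"read"}})
memo = Resource("memo.txt", Level.CONFIDENTIAL, acl={"bob": {"write"}})
```

The `decided_by` field is the useful part when auditing denials: an ACL grant to a user whose clearance is too low never takes effect, because the request is rejected before the ACL is consulted.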