Access Control Fundamentals
12. Access Control Models
12.2. Mandatory Access Control
- This model is very structured and strict and is based on a security label (also known as sensitivity label) attached to all objects
- The subjects are given a security clearance (secret, top-secret, confidential, etc.), and the objects are classified similarly
- The clearance and the classification data are stored in the security labels, which are bound to the specific subject and object.
- When the system decides whether to fulfil a request to access an object, the decision is based on the clearance of the subject, the classification of the object, and the security policy of the system
- This model is used in, and is suitable for, military systems where classification and confidentiality are of utmost importance
- SELinux (by the NSA) and Trusted Solaris are examples of this model
- Security labels are made up of a classification and categories, where the classification indicates the security level and the categories enforce need-to-know rules.
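
The label comparison described above, as an added example (not taken from SELinux or Trusted Solaris). It assumes a read policy in which the subject's label must dominate the object's label; the `level:cat1,cat2` text format, the level ordering and the category names are constructed for illustration.

```python
from dataclasses import dataclass

# Assumed ordering of classification levels, lowest to highest.
LEVELS = {"confidential": 1, "secret": 2, "top-secret": 3}


@dataclass(frozen=True)
class Label:
    classification: str                  # security level
    categories: frozenset = frozenset()  # need-to-know compartments

    def dominates(self, other: "Label") -> bool:
        # Level must be at least as high AND every category of the
        # other label must be held (superset check).
        return (LEVELS[self.classification] >= LEVELS[other.classification]
                and self.categories >= other.categories)


def parse_label(text: str) -> Label:
    """Parse the constructed 'level:cat1,cat2' format into a Label."""
    level, _, cats = text.partition(":")
    level = level.strip().lower()
    if level not in LEVELS:
        raise ValueError(f"unknown classification: {level!r}")
    names = frozenset(c.strip().lower() for c in cats.split(",") if c.strip())
    return Label(level, names)


def check_read(subject_label: str, object_label: str) -> bool:
    """Policy decision: allow read only if the subject dominates the object.
    A missing or malformed label denies access (fail closed)."""
    try:
        return parse_label(subject_label).dominates(parse_label(object_label))
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed requests: (subject clearance, object classification)
    requests = [
        ("top-secret:nuclear", "secret:nuclear"),       # higher level, has category
        ("top-secret", "confidential:crypto"),          # level ok, no need to know
        ("secret:crypto,nuclear", "secret:crypto"),     # same level, superset
        ("confidential:crypto", "secret:crypto"),       # level too low
        ("secret:crypto", ""),                          # unlabelled object
    ]
    for subj, obj in requests:
        verdict = "ALLOW" if check_read(subj, obj) else "DENY"
        print(f"{verdict:5}  subject={subj!r}  object={obj!r}")
```

The second request shows the role of categories: a top-secret clearance alone does not grant access to a lower-level object in a compartment the subject does not hold.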