Access Control Fundamentals

In information security, access control is imperative to ensure confidentiality, integrity, and availability. Controlling who has access to a system and the breadth of access a user has is vital to ensure the security of systems and data on the systems. Read this article to understand the terms access control, access, subject, and resource. Note the challenges, the principles, the criteria, and the practices used in access control.

12. Access Control Models

12.2. Mandatory Access Control

  • This model is very structured and strict and is based on a security label (also known as sensitivity label) attached to all objects
  • The subjects are given a security clearance (by classifying them as secret, top-secret, confidential, etc.), and the objects are classified similarly
  • The clearance and the classification data are stored in the security labels, which are bound to the specific subject and object
  • When the system decides whether to fulfil a request to access an object, the decision is based on the clearance of the subject, the classification of the object, and the security policy of the system
  • This model is used in, and is suitable for, military systems where classifications and confidentiality are of the utmost importance
  • SELinux (by the NSA) and Trusted Solaris are examples of this model
  • Security labels are made up of a classification and categories, where the classification indicates the security level and the categories enforce need-to-know rules
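
The label comparison described in the list above can be shown as a small reference monitor. This is an added example, not code from the original article or from SELinux or Trusted Solaris; the confidentiality policy in `decide` (read at or below the subject's label, write at or above it), the category names, and the sample subjects and objects are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    # Ordered classifications; the names come from the list above.
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Label:
    """Security label: a classification plus need-to-know categories."""
    level: Level
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # The level must be at least as high AND every category of `other`
        # must be held, so two labels can be incomparable.
        return self.level >= other.level and self.categories >= other.categories


def decide(subject: Label, obj: Label, op: str) -> bool:
    """Assumed confidentiality policy: read at or below the subject's
    label, write at or above it. Anything else is denied."""
    if op == "read":
        return subject.dominates(obj)
    if op == "write":
        return obj.dominates(subject)
    return False  # default deny for unknown operations


# Constructed sample labels (hypothetical subjects and objects).
ANALYST = Label(Level.SECRET, frozenset({"CRYPTO"}))
OFFICER = Label(Level.TOP_SECRET, frozenset({"NUCLEAR"}))
KEY_REPORT = Label(Level.SECRET, frozenset({"CRYPTO"}))
MEMO = Label(Level.CONFIDENTIAL)

if __name__ == "__main__":
    for name, s in (("analyst", ANALYST), ("officer", OFFICER)):
        for oname, o in (("key_report", KEY_REPORT), ("memo", MEMO)):
            for op in ("read", "write"):
                verdict = "allow" if decide(s, o, op) else "deny"
                print(f"{name:8} {op:5} {oname:10} -> {verdict}")
```

The officer holds the higher clearance but is still denied the key report, because the label's categories, not only its level, must be satisfied.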