Mandatory Access Control
Next: Determining MAC Access
Up: POSIX Security Interfaces
Previous: Privilege Determination and
The need for a mandatory access control (MAC) mechanism arises when the
security policy of a system dictates that:
- protection decisions must not be decided by the object owner.
- the system must enforce the protection decisions
(i.e., the system enforces the security policy over the wishes or intentions
of the object owner).
The POSIX.6 standard provides support for a
mandatory access
control policy by providing a labeling mechanism and a set of interfaces
that can be used to determine access based on the MAC policy.
John Barkley
Fri Oct 7 16:17:21 EDT 1994