
Mandatory access control

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Nakon (talk | contribs) at 22:16, 10 February 2006 (Reverted edits by 12.103.21.139 (talk) to last version by Jeremy Dubreil). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Mandatory access control (MAC) is a technique to protect and contain computer processes, data, and system devices from misuse. It may extend or replace discretionary access control for file system permissions and the concepts of users and groups. Its most important feature is that users cannot fully control access to the resources they create. The system security policy, as set by the administrator, entirely determines the access that is granted, and a user is not permitted to grant less restrictive access to their resources than the administrator specifies. Discretionary access control systems, by contrast, permit users to entirely determine the access granted to their resources, which means that they can, through accident or malice, give access to unauthorised users.

The goal is to define an architecture that requires all security-related labels to be evaluated and that makes decisions based upon the operation's context and those same data labels. The Flask and Generalized Framework for Access Control (GFAC) architectures, coupled with MAC, are enabling technologies of multilevel security systems.

Such a framework prevents an authenticated user or process at a specific classification or trust level from accessing information, processes, or devices at a different level. This provides a containment mechanism for users and processes, both known and unknown (an unknown program would be an untrusted application whose device and file accesses should be monitored and/or controlled).

Clearly, a framework that works to separate data and operations within a computer needs to be non-bypassable. It also needs to be evaluatable, so that the usefulness and effectiveness of a rule can be determined; always invoked, so that the system is not bypassed; and tamper-proof.
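The contrast drawn above between discretionary and mandatory control, as an added sketch that is not taken from the article or from any MAC implementation: a single decision function in which an owner's grant is honoured under discretionary control alone but is overridden by the administrator's label policy when MAC extends it. The label names, the policy table and every function name are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

# Administrator's policy (constructed for this example): the permitted
# (subject label, object label, operation) triples. Users cannot edit it.
POLICY = frozenset((lvl, lvl, op) for lvl in ("confidential", "secret")
                   for op in ("read", "write"))

@dataclass
class Subject:
    name: str
    label: str

@dataclass
class Resource:
    name: str
    owner: str
    label: str  # assigned by the system, not chosen by the owner
    acl: dict = field(default_factory=dict)  # discretionary grants: user -> ops

def grant(resource, actor, user, op):
    """Discretionary step: only the owner may add an ACL entry."""
    if actor.name != resource.owner:
        raise PermissionError("only the owner may change the ACL")
    resource.acl.setdefault(user, set()).add(op)

def dac_allows(subject, resource, op):
    return subject.name == resource.owner or op in resource.acl.get(subject.name, set())

def mac_allows(subject, resource, op):
    return (subject.label, resource.label, op) in POLICY

def access(subject, resource, op, mandatory=True):
    """Single decision point that every request must pass through."""
    if not dac_allows(subject, resource, op):
        return False
    # Under MAC the owner's grant is necessary but never sufficient.
    return mac_allows(subject, resource, op) if mandatory else True

def demo():
    alice = Subject("alice", "secret")
    bob = Subject("bob", "confidential")
    report = Resource("report.txt", owner="alice", label="secret")
    grant(report, alice, "bob", "read")  # owner opens it to a user at a different level
    return {"dac_only_bob": access(bob, report, "read", mandatory=False),
            "mac_bob": access(bob, report, "read"),
            "mac_alice": access(alice, report, "read")}

if __name__ == "__main__":
    print(demo())
```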

Historical MAC architectures

MAC is implemented in several security-focused operating systems, and is key in Flask operating systems.

See also