MAC – Mandatory Access Control
A security model that enforces restrictions on access to resources based on predefined rules and policies.
- Access decisions are made by a system administrator or a security policy manager.
- Uses labels or tags associated with subjects (users, processes) and objects (files, directories).
- Labels and tags are used to define security levels or categories.
- They are typically hierarchical, with different levels of importance or sensitivity.
- Subjects can only access objects matching their level.
- Even if a user has been granted permission to a resource above their level, they cannot access it.
- Used in military and government environments, or similar.
- Pros: High level of data protection, granularity, avoids Trojan horses, fewer errors
- Cons: Scalability, maintainability, interferes with users' work
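The label check described above, as an added example that is not part of the original notes: a small reference monitor in which the administrator-set labels are evaluated before any owner-granted permission, so a grant on a higher-level object has no effect. The level names, categories, users and paths are constructed, and the rule that a subject may read objects at or below its own level is an assumed reading of "matching their level".

```python
from dataclasses import dataclass

# Hierarchical levels, lowest to highest (constructed for this example).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}

@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """True when this label is at or above `other` and holds all its categories."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

class ReferenceMonitor:
    """Holds the administrator-defined policy; users cannot change labels."""
    def __init__(self):
        self.subject_labels = {}   # user -> Label
        self.object_labels = {}    # path -> Label
        self.acl = {}              # path -> users granted permission by the owner

    def can_read(self, user, path):
        """Return (allowed, reason). The label check runs first and cannot be overridden."""
        subj = self.subject_labels.get(user)
        obj = self.object_labels.get(path)
        if subj is None or obj is None:
            return False, "unlabeled subject or object: deny by default"
        if not subj.dominates(obj):
            return False, "MAC: subject label does not dominate object label"
        if user not in self.acl.get(path, set()):
            return False, "no permission grant"
        return True, "allowed"

def build_demo():
    rm = ReferenceMonitor()
    rm.subject_labels = {"alice": Label("SECRET", frozenset({"NAVY"})),
                         "bob": Label("CONFIDENTIAL")}
    rm.object_labels = {"/ops/plan.txt": Label("SECRET", frozenset({"NAVY"})),
                        "/hr/memo.txt": Label("CONFIDENTIAL"),
                        "/ops/air.txt": Label("CONFIDENTIAL", frozenset({"AIR"}))}
    # The owner of plan.txt has granted bob permission; the label check still denies it.
    rm.acl = {"/ops/plan.txt": {"alice", "bob"}, "/hr/memo.txt": {"alice", "bob"},
              "/ops/air.txt": {"alice"}}
    return rm

if __name__ == "__main__":
    rm = build_demo()
    for user, path in [("alice", "/ops/plan.txt"), ("bob", "/ops/plan.txt")]:
        print(user, path, rm.can_read(user, path))
```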