MAC – Mandatory Access Control

Spread the love

MAC – Mandatory Access Control

is a security model to enforce restrictions on access to resources based on predefined rules and policies.

  • Access decisions are made by a system administrator or a security policy manager.
  • Uses labels or tags associated with subjects (users, processes) and objects (files, directories).
  • Labels and tags are used to define security levels or categories.
  • They are typically hierarchical, with different levels of importance or sensitivity.
  • Subjects can only access objects matching their level.
  • Even if a user has access to a resource above his level, he cannot access it.
  • Used in military and government environments, or similar.
  • Pros: High level data protection, granularity, avoids trojan horses, fewer errors
  • Cons: Scalability, Maintainability, Interferes with users work

Leave a Reply

Your email address will not be published. Required fields are marked *