MAC – Mandatory Access Control

MAC is a security model that enforces restrictions on access to resources based on predefined rules and policies.

  • Access decisions are made by a system administrator or a security policy manager.
  • Uses labels or tags associated with subjects (users, processes) and objects (files, directories).
  • Labels and tags are used to define security levels or categories.
  • They are typically hierarchical, with different levels of importance or sensitivity.
  • Subjects can only access objects matching their level.
  • Even if a user has otherwise been given access to a resource above their level, they still cannot access it.
  • Used in military, government and similar environments.
  • Pros: high level of data protection, granularity, avoids Trojan horses, fewer errors
  • Cons: scalability, maintainability, interferes with users' work
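
The label check described in the list above, as an added example (not code from any real MAC implementation). It assumes "access" means read, and that a subject matches an object when its level is at or above the object's and it holds all of the object's categories; the level names, users and files are constructed.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Level(IntEnum):
    # Constructed hierarchy; a higher value means more sensitive.
    PUBLIC = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

@dataclass(frozen=True)
class Label:
    level: Level
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Assumed rule: level at or above, and every category of the object held.
        return self.level >= other.level and self.categories >= other.categories

@dataclass
class Obj:
    name: str
    label: Label  # assigned by the policy administrator, not by the owner
    acl: set = field(default_factory=set)  # owner-granted permissions

def check_read(subject: str, clearance: Label, obj: Obj) -> tuple[bool, str]:
    """Return (allowed, reason). The mandatory check runs first; an ACL entry cannot override it."""
    if not clearance.dominates(obj.label):
        return False, "denied by MAC policy"
    if subject not in obj.acl:
        return False, "denied by ACL"
    return True, "allowed"

# Constructed sample data: bob is on the report's ACL but is cleared too low.
SUBJECTS = {
    "alice": Label(Level.SECRET, frozenset({"crypto"})),
    "bob": Label(Level.CONFIDENTIAL),
}
REPORT = Obj("ops-report", Label(Level.SECRET, frozenset({"crypto"})), acl={"alice", "bob"})
MEMO = Obj("lunch-memo", Label(Level.PUBLIC), acl={"bob"})

def decide(subject: str, obj: Obj) -> tuple[bool, str]:
    return check_read(subject, SUBJECTS[subject], obj)

if __name__ == "__main__":
    for who in SUBJECTS:
        for obj in (REPORT, MEMO):
            print(who, obj.name, decide(who, obj))
```

A higher level alone is not enough under this rule: a TOP_SECRET subject without the "crypto" category is still refused the report.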

