[cap-talk] Mandatory Access Control (was: What's "Discretionary Security")
David Wagner
daw at cs.berkeley.edu
Wed Jan 3 23:40:49 CST 2007
Jed writes:
>It's certainly true that
>communication can also happen through shared object access, so a MAC
>system must include both notions, but there seems to be something
>about MAC access control that inevitably leads to communication
>restrictions. It has been quite difficult for me to avoid dropping
>into MLS terminology and talking about communication diodes in this
>paragraph. Perhaps with my wording others can sense why?
Historically, most of the research on MAC has been an attempt to
study MLS, and in particular, to study ways to protect confidentiality.
Communication diodes follow naturally from MLS and confidentiality.
But it's worth pointing out that MAC is broader than just confidentiality
or just MLS. For instance, you can have MAC policies that are focused
on integrity instead of confidentiality (e.g., LOMAC). Often, those
integrity-focused policies might not need communication diodes.
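The contrast drawn above can be made concrete with a small model. The following Python is an added illustration, not code from the cap-talk post or from LOMAC itself: it implements a two-level Bell-LaPadula confidentiality policy (no read up, no write down, the basis of MLS) next to a simplified low-water-mark integrity policy in the style of LOMAC (any read is allowed, but reading lower-integrity data demotes the reader; writes go only to objects at or below the subject's current level). The helper `channel` asks whether a sender at one level can pass data to a receiver at another through some shared object. Under Bell-LaPadula only one direction survives, which is the communication diode; under the low-water-mark policy both directions are open, and integrity is protected by demotion rather than by blocking the channel. The two-level lattice and the subject/object names are constructed for the demo.

```python
"""Toy comparison of a confidentiality MAC policy (Bell-LaPadula / MLS)
with an integrity MAC policy (LOMAC-style low water mark).

Added illustration; not the cap-talk post's or LOMAC's own code.
"""

from dataclasses import dataclass

# Constructed two-level lattice shared by both models.  A higher index is
# "more sensitive" for confidentiality and "more trusted" for integrity.
LEVELS = {"low": 0, "high": 1}


@dataclass
class Subject:
    name: str
    level: str


@dataclass
class Obj:
    name: str
    level: str


class BellLaPadula:
    """Confidentiality: no read up, no write down (the MLS core)."""

    def can_write(self, s: Subject, o: Obj) -> bool:
        return LEVELS[s.level] <= LEVELS[o.level]

    def can_read(self, s: Subject, o: Obj) -> bool:
        return LEVELS[s.level] >= LEVELS[o.level]


class LowWaterMark:
    """Integrity, simplified LOMAC-style low water mark.

    Reads are never refused, but reading an object of lower integrity
    drops the subject to that level (demotion).  Writes are allowed only
    to objects at or below the subject's current level, so a demoted
    subject can no longer taint high-integrity objects.
    """

    def can_write(self, s: Subject, o: Obj) -> bool:
        return LEVELS[s.level] >= LEVELS[o.level]

    def can_read(self, s: Subject, o: Obj) -> bool:
        if LEVELS[o.level] < LEVELS[s.level]:
            s.level = o.level  # side effect: the reader is demoted
        return True


def channel(model, sender_level: str, receiver_level: str):
    """Can `sender` pass data to `receiver` via some shared object?

    Tries every object level; the write is checked first, then the read
    (which may demote the receiver under the low-water-mark model).
    Returns (allowed, receiver_level_after_the_read).
    """
    for obj_level in LEVELS:
        sender = Subject("sender", sender_level)
        receiver = Subject("receiver", receiver_level)
        shared = Obj("shared", obj_level)
        if model.can_write(sender, shared) and model.can_read(receiver, shared):
            return True, receiver.level
    return False, receiver_level


def is_diode(model) -> bool:
    """True when exactly one direction between high and low is open."""
    up, _ = channel(model, "low", "high")
    down, _ = channel(model, "high", "low")
    return up != down


if __name__ == "__main__":
    for name, model in (("Bell-LaPadula", BellLaPadula()),
                        ("Low water mark", LowWaterMark())):
        print(name)
        print("  low -> high:", channel(model, "low", "high"))
        print("  high -> low:", channel(model, "high", "low"))
        print("  acts as a diode:", is_diode(model))
```

Running it shows Bell-LaPadula permitting only low -> high (a diode), while the low-water-mark policy permits both directions but reports the high receiver ending at level "low" after reading low-integrity data: the restriction has moved from the channel to the subject's subsequent write rights.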