[cap-talk] Mandatory Access Control: unidirectional state changes
Rob Meijer
rmeijer at xs4all.nl
Fri Jan 5 03:54:58 CST 2007
On Thu, January 4, 2007 09:32, Ka-Ping Yee wrote:
> After looking around some more it is starting to appear to me
> that the confusion about the terms MAC and DAC stems from the
> fact that each term is used in two distinct ways:
>
> - to refer to a quality of access control models
>
> - to refer to a specific method (the most common method)
> of implementing access control that bears that quality
>
> In the case of DAC, the quality is "local or user-level control
> over access policy" and the implementation is "objects have owners
> that can edit their ACLs".
>
> In the case of MAC, the quality is "global or system-level control
> over access policy" and the implementation is "compare the subject
> clearance level to object's sensitivity label".
I think MAC vs DAC is not an issue of local vs global but rather an issue
of unidirectional state changes vs bidirectional state changes.
As in MLS: according to the MAC, at a user level of control, a data object
can have its state changed to a higher classification level but cannot
reverse this decision. I feel that in MLS, MAC only provides the
mechanisms of unidirectional state changes at a global level, rather than
moving control to a global level. I feel that any access control mechanism
that provides the possibility to do unidirectional state changes provides
MAC, while any access control mechanism that provides the ability to do
bidirectional state changes would thus provide DAC.
Rob
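The distinction Rob draws above, as an added illustration that is not code from the cap-talk thread or from any MLS implementation: a toy object carries both a MAC sensitivity label and a DAC ACL. The DAC edit (grant, revoke, re-grant) is reversible by the owner, while the MAC relabel only moves up an assumed linear ordering UNCLASSIFIED < CONFIDENTIAL < SECRET < TOP_SECRET and refuses to move back down. The level names, the `Subject`/`Obj` classes and the `mac_relabel`/`dac_grant`/`dac_revoke` helpers are all constructed for this example.

```python
"""Toy model of unidirectional (MAC) vs bidirectional (DAC) state changes.

Constructed illustration for the cap-talk discussion, not code from the
thread.  Assumptions: a linear MLS label order, subjects with a single
clearance, and objects carrying both a MAC label and an owner-edited ACL.
"""
from dataclasses import dataclass, field

# Assumed linear classification order, lowest to highest.
LEVELS = ("UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP_SECRET")
RANK = {name: i for i, name in enumerate(LEVELS)}


class PolicyViolation(Exception):
    """Raised when a requested state change is refused by the policy."""


@dataclass
class Subject:
    name: str
    clearance: str


@dataclass
class Obj:
    owner: str
    label: str                              # MAC sensitivity label
    acl: set = field(default_factory=set)   # DAC: principals allowed to read


def mac_relabel(obj: Obj, new_label: str) -> None:
    """MAC state change: the label may only move up the ordering.

    There is deliberately no inverse operation at this level: a downgrade
    request is refused, which is the 'unidirectional' property.
    """
    if RANK[new_label] < RANK[obj.label]:
        raise PolicyViolation(f"cannot downgrade {obj.label} -> {new_label}")
    obj.label = new_label


def dac_grant(obj: Obj, actor: str, principal: str) -> None:
    """DAC state change: the owner adds a principal to the ACL."""
    if actor != obj.owner:
        raise PolicyViolation("only the owner may edit the ACL")
    obj.acl.add(principal)


def dac_revoke(obj: Obj, actor: str, principal: str) -> None:
    """DAC state change: the owner removes a principal (undoing a grant)."""
    if actor != obj.owner:
        raise PolicyViolation("only the owner may edit the ACL")
    obj.acl.discard(principal)


def can_read(subject: Subject, obj: Obj) -> bool:
    """Read is allowed only if both mechanisms allow it:
    clearance dominates the label (MAC) and the subject is on the ACL (DAC)."""
    return RANK[subject.clearance] >= RANK[obj.label] and subject.name in obj.acl


def demo() -> dict:
    """Walk one object through a reversible DAC edit and an irreversible MAC one."""
    alice = Subject("alice", "SECRET")
    bob = Subject("bob", "CONFIDENTIAL")
    doc = Obj(owner="alice", label="CONFIDENTIAL", acl={"alice", "bob"})
    trace = {}
    trace["bob_reads_initially"] = can_read(bob, doc)

    # DAC is bidirectional: the owner can revoke and then restore access.
    dac_revoke(doc, "alice", "bob")
    trace["bob_reads_after_revoke"] = can_read(bob, doc)
    dac_grant(doc, "alice", "bob")
    trace["bob_reads_after_regrant"] = can_read(bob, doc)

    # MAC is unidirectional: raising the label succeeds, lowering it is refused,
    # so bob (cleared only to CONFIDENTIAL) loses access for good.
    mac_relabel(doc, "SECRET")
    trace["bob_reads_after_upgrade"] = can_read(bob, doc)
    try:
        mac_relabel(doc, "CONFIDENTIAL")
        trace["downgrade_allowed"] = True
    except PolicyViolation:
        trace["downgrade_allowed"] = False
    trace["final_label"] = doc.label
    trace["alice_reads_at_secret"] = can_read(alice, doc)
    return trace


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The model follows the post in treating downgrade as simply unavailable at the user level. Real MLS systems do permit declassification, but only through a trusted subject that sits outside the user-level policy, which is consistent with the point that the reverse step is not something the ordinary subject can perform.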