[cap-talk] Mandatory Access Control: unidirectional state changes
Ka-Ping Yee
cap-talk at zesty.ca
Fri Jan 5 04:00:12 CST 2007
On Fri, 5 Jan 2007, Rob Meijer wrote:
> I think MAC vs DAC is not an issue of local vs global but rather an issue
> of unidirectional state changes vs bidirectional state changes.
[...]
> I feel that in MLS MAC only provides the mechanisms of unidirectional
> state changes at a global level, rather than moving controll to a global
> level. I feel that any access controll mechanism that provides
> the posibility to do unidirectional state changes provides MAC, while any
> access controll mechanism that provides the ability to do bidirectional
> state changes would thus provide DAC.
This perspective is new to me. Do you have any examples of systems or
documentation where the terms "mandatory" and "discretionary" are used
with these meanings?
-- ?!ng
More information about the cap-talk
mailing list