MAC security policies govern access on the basis of the classifications of subjects and objects in the system. Objects are the passive entities storing information, for example relations, tuples in a relation, etc. Subjects are active entities that access the objects, usually active processes operating on behalf of users.

An access class consists of two components: a security level and a set of categories. The security level is an element of a hierarchically ordered set. The levels often considered are Top Secret (TS), Secret (S), Confidential (C) and Unclassified (U), where TS > S > C > U. The set of categories is an unordered set, for example NATO, Nuclear, Army, etc.

The security level of the access class associated with an object reflects the sensitivity of the information contained in the object, that is, the potential damage that could result from unauthorized disclosure of the information. The security level of the access class associated with a user is called clearance; it reflects the user's trustworthiness not to disclose sensitive information to users not cleared for it.

Access control in mandatory protection systems is based on the following two principles:

No read-up/Read down: A subject can read only those objects whose access class is dominated by the access class of the subject.

No write-down/Write up: A subject can write only those objects whose access class dominates the access class of the subject.
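The two principles can be checked mechanically once "dominates" is pinned down. The sketch below is an added example, not code from the original page. It assumes the usual lattice definition, which the page uses but does not spell out: one access class dominates another when its level is at least as high and its category set contains the other's. The subject and object names are constructed for illustration.

```python
from dataclasses import dataclass

LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}  # hierarchy from the text: TS > S > C > U

@dataclass(frozen=True)
class AccessClass:
    level: str             # key of LEVELS
    categories: frozenset  # unordered set, e.g. {"NATO", "Nuclear"}

    def dominates(self, other):
        """Level at least as high AND categories a superset of the other's (assumed definition)."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

def access_class(level, *categories):
    if level not in LEVELS:
        raise ValueError(f"unknown security level: {level!r}")
    return AccessClass(level, frozenset(categories))

def can_read(subject, obj):
    # No read-up: the subject's class must dominate the object's.
    return subject.dominates(obj)

def can_write(subject, obj):
    # No write-down: the object's class must dominate the subject's.
    return obj.dominates(subject)

def decide(subject, obj):
    """Operations the two principles allow for this subject/object pair."""
    checks = {"read": can_read, "write": can_write}
    return {op for op, check in checks.items() if check(subject, obj)}

# Constructed sample classes (not from the original page).
analyst = access_class("S", "NATO")                # subject clearance
war_plan = access_class("TS", "NATO", "Nuclear")   # dominates analyst
memo = access_class("C", "NATO")                   # dominated by analyst
army_report = access_class("C", "Army")            # incomparable with analyst
peer_doc = access_class("S", "NATO")               # same class as analyst

if __name__ == "__main__":
    for name, obj in [("war_plan", war_plan), ("memo", memo),
                      ("army_report", army_report), ("peer_doc", peer_doc)]:
        print(f"{name}: {sorted(decide(analyst, obj)) or 'no access'}")
```

The `army_report` case shows why categories matter: its level is below the analyst's, yet neither class dominates the other, so both read and write are denied.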