P1L6 Mandatory Access Control Flashcards
Mandatory Access Control (MAC)
Is not at the user discretion. Solves the problem of information control. Company decides who has access to data.
What is needed to implement MAC?
Labels are a key requirement. They indicate sensitivity and/or category of data. Indicate clearance/need-to-know requirements
Labels also have a _______
Compartment.
T/F L1 = (TS, {A,B,C}) L2=(S,{B,C}) L3=(S,{B,C,D}) L1 > L3
False
L1 > L2
L2 < L1
L1 and L3 are not comparable.
Bell and La Padua (BLP) Model
Developed by the DoD
Assumes classification of data and clearances for subjects
BLP Read/Write rules
Read-down rule (ss-property): user with label L1 can read the document with L2 only when L1 dominates L2
Write-up rule (*-property): User with label L1 can write document with label L2 when L1 is dominated by L2.
Tranquility Principle
States that classification of a subject or object does not change during a session.
Clark-Wilson Policy
Users should be able to access certain programs
Chinese Wall Policy
Deals with conflict of interest
T/F: RBAC is an example of MAC
True. Only the company can decide roles of its employees.
BLP-like models
SELinux and SCOMP