Please enable JavaScript.
Coggle requires JavaScript to display documents.
Access Control (MAC (Subject assigned clearance labels, Objects assigned…
Access Control
MAC
-
-
Access control policy decisions are made by a central authority, not by the individual owner of an object
Models
Bell–LaPadula
subject can read objects at the same or lower sensitivity level, but not at higher (simple security property)
-
Adding * property can remove this ( subject can save an object only at the same or higher classification)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Access controls provide for the ability to control “who” can do “what” with respect
to data, applications, systems, networks, and physical spaces.
The system should provide for a default deny on all permissions for the sub-
ject, thereby requiring that access to any object be explicitly created by an
administrator.
-