Mandatory Access Control
Discretionary Access Control
can't control info flow
not reflective of how most orgs treat their data
MAC
label
clearance levels
Bell-LaPadula Model
read-down rule
simple security property
write-up rule
star property
solves info flow problem
tranquility principle
confidentiality
Biba Model
integrity
read-up rule
write-down rule
Commercial Policies
Clark-Wilson
user's access to objects constrained by apps they can use
Chinese Wall
conflict of interest
conflict class
TCB Design Principles
least privilege
high likelihood of security
economy of mechanism
open design
complete mediation
fail-safe default
psychologically acceptable
TCB Key Security Features
authentication
access control
3 A's of security
authentication
authorization
audit
security kernel
assurance
penetration testing
regression testing
security evaluations
orange book
D < C1 < C2 < B1 < B2 < B3 < A1
common criteria
evaluation assurance levels (EAL)