

In computer security, mandatory access control (MAC) refers to a type of access control by which the operating system or database constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target. In the case of operating systems, a subject is usually a process or thread; objects are constructs such as files, directories, TCP/UDP ports, shared memory segments, IO devices, etc. Subjects and objects each have a set of security attributes. Whenever a subject attempts to access an object, an authorization rule enforced by the operating system kernel examines these security attributes and decides whether the access can take place. Any operation by any subject on any object is tested against the set of authorization rules (aka policy) to determine if the operation is allowed.

With mandatory access control, this security policy is centrally controlled by a security policy administrator; users do not have the ability to override the policy and, for example, grant access to files that would otherwise be restricted. A database management system, in its access control mechanism, can also apply mandatory access control; in this case, the objects are tables, views, procedures, etc.
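The check described above can be sketched as a small reference monitor. This is an added example, not code from the article or from any operating system; the label names (`hr_t`, `payroll_t`, `web_t`, `public_t`), the users, and the owner-editable ACL used for contrast are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Subject:
    name: str
    label: str  # security attribute, assigned by the policy administrator

@dataclass
class Resource:
    name: str
    label: str  # security attribute, assigned by the policy administrator
    owner: str
    acl: set = field(default_factory=set)  # discretionary entries the owner may edit

class ReferenceMonitor:
    """Tests every operation against a central rule set; anything unlisted is denied."""
    def __init__(self, rules):
        self._rules = frozenset(rules)  # (subject label, object label, operation)

    def mac_allows(self, subj, obj, op):
        return (subj.label, obj.label, op) in self._rules

    def dac_allows(self, subj, obj, op):
        return subj.name == obj.owner or (subj.name, op) in obj.acl

    def check(self, subj, obj, op):
        # The mandatory rule is evaluated first; an ACL entry cannot bypass it.
        return self.mac_allows(subj, obj, op) and self.dac_allows(subj, obj, op)

def owner_grant(owner, obj, grantee, op):
    """Discretionary grant: edits the object's ACL only, never the policy."""
    if owner.name != obj.owner:
        raise PermissionError(f"{owner.name} does not own {obj.name}")
    obj.acl.add((grantee.name, op))

def demo():  # the policy, labels and names below are constructed sample data
    monitor = ReferenceMonitor({("hr_t", "payroll_t", "read"),
                                ("web_t", "public_t", "read")})
    alice = Subject("alice", "hr_t")
    bob = Subject("bob", "web_t")
    payroll = Resource("payroll.db", "payroll_t", owner="alice")
    before = monitor.check(bob, payroll, "read")
    owner_grant(alice, payroll, bob, "read")  # the owner tries to share her file
    after = monitor.check(bob, payroll, "read")
    return {"owner_read": monitor.check(alice, payroll, "read"), "bob_before": before,
            "bob_after": after, "bob_dac_only": monitor.dac_allows(bob, payroll, "read")}

if __name__ == "__main__":
    print(demo())
```

The owner's grant succeeds at the discretionary layer (`bob_dac_only` is true), yet the access is still refused because no rule in the central policy pairs `web_t` with `payroll_t`.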

