[94] in 6.033 discussion
more on orange book classifications
littlitt@ATHENA.MIT.EDU (littlitt@ATHENA.MIT.EDU)
Wed Apr 3 19:19:50 1996
For those too busy to track down the links posted in the previous
transaction, I thought I would include this excerpt from the Windows
NT link:

In a B-level, or Mandatory Access Control (MAC) system, objects have a
security level defined independently from the owner's discretion. For
example, if you receive a copy of an object marked "secret," you
can't give permission to other users to see this object unless they
have "secret" clearance. This is defined by the system independent of
your discretion. MAC involves the concept of "data labeling," which is
the creation and maintenance by the system of security "labels" on
data objects, unalterable by users (except in certain cases under
system control and auditing).

This is almost exactly like the example that Prof. Kaashoek gave in class.
-jon
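
The rule in the quoted excerpt, as an added example that is not part of the original post or of the Windows NT document: a toy reference monitor in which an owner's grant succeeds but the system's label check still decides who can read, and label changes are audited. The class names, the four-level ordering, and the `is_security_officer` flag are assumptions made for illustration.

```python
# Added illustration: discretionary grants checked against mandatory labels.
from dataclasses import dataclass, field

# Assumed linear ordering of levels; real systems also use categories.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}

@dataclass
class Subject:
    name: str
    clearance: str
    is_security_officer: bool = False  # stands in for "under system control"

@dataclass
class Obj:
    name: str
    owner: str
    label: str                         # maintained by the system, not the owner
    acl: set = field(default_factory=set)

class ReferenceMonitor:
    def __init__(self):
        self.audit = []                # one record per relabel attempt

    def grant(self, actor, obj, grantee):
        # Discretionary part: only the owner may extend the ACL.
        if actor.name != obj.owner:
            raise PermissionError("only the owner may grant access")
        obj.acl.add(grantee.name)

    def can_read(self, subject, obj):
        dac_ok = subject.name == obj.owner or subject.name in obj.acl
        # Mandatory part: clearance must dominate the label, whatever the ACL says.
        mac_ok = LEVELS[subject.clearance] >= LEVELS[obj.label]
        return dac_ok and mac_ok

    def relabel(self, actor, obj, new_label):
        # Ordinary users, including the owner, cannot alter a label.
        allowed = actor.is_security_officer and new_label in LEVELS
        self.audit.append((actor.name, obj.name, obj.label, new_label, allowed))
        if allowed:
            obj.label = new_label
        return allowed

def demo():
    rm = ReferenceMonitor()
    alice, bob = Subject("alice", "secret"), Subject("bob", "confidential")
    report = Obj("report", owner="alice", label="secret")
    rm.grant(alice, report, bob)       # the owner's grant itself succeeds
    return rm.can_read(alice, report), rm.can_read(bob, report)  # (True, False)
```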