[94] in 6.033 discussion

home help back first fref pref prev next nref lref last post

more on orange book classifications

littlitt@ATHENA.MIT.EDU (littlitt@ATHENA.MIT.EDU)
Wed Apr 3 19:19:50 1996

For those too busy to track down the links posted in the previous
transaction, I thought I would include this excerpt from the Windows
NT link:

   In a B-level, or Mandatory Access Control (MAC) system, objects have a
   security level defined independently from the owner's discretion. For
   example, if you receive a copy of an object marketed "secret," you
   can't give permission to other users to see this object unless they
   have "secret" clearance. This is defined by the system independent of
   your discretion. MAC involves the concept of "data labeling," which is
   the creation and maintenance by the system of security "labels" on
   data objects, unalterable by users (except in certain cases under
   system control and auditing).

This is almost exactly like the example that Prof. Kaashoek gave in class.

-jon

home help back first fref pref prev next nref lref last post