What can MAC offer?
-
Strong separation of security domains
- Separate data based on confidentiality/integrity/purpose
-
System, application, and data integrity
- Protect against unauthorized modifications
- Prevent ill-formed modifications
-
Ability to limit program privileges
- Safely run code of uncertain trustworthiness
- Prevent exploit of flaw in program from escalating
privilege
- Limit each program to only what is required for its
purpose