MAC Implementation Issues
-
Must overcome limitations of traditional implementations
- More than just Multilevel Security
- Address integrity, least privilege, separation of duty
issues
- Complete control using needed security relevant
information
- Control relationships between subjects and code
-
Policy flexibility required
- One size does not fit all!
- Ability to change the model of security
- Ability to express different policies within given model
- Separation of policy from enforcement
-
Maximize security transparency