Security Solutions with Flexible MAC
- Confines malicious code
  - Can safely run code of uncertain pedigree
  - Constrains code inserted via buffer overflow attacks
  - Limits virus propagation
- Allows effective decomposition of root
  - Root no longer all powerful
  - Limits each root function to needed privilege
  - Eliminates most privilege elevation attacks
- Allows effective assignment of privilege
  - Servers need not run with complete access
  - Servers and needed resources can be isolated
  - Separate protections for system logs