Mandatory access control (MAC) is a key security feature that current mainstream OSes are missing and that a secure OS needs.
Control must extend over the entire system; otherwise no guarantees can be made about the potential information flow throughout the system.
Security-relevant information may include the user, his role, the program which was executed (or even its entire call chain), the confidentiality and integrity of the data, etc. MAC requires security labeling of all subjects and objects, and the labels must be attached to the real objects of the system, not, for example, to pathnames.
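The point about labeling real objects rather than pathnames, as an added example that is not part of the original page: a hard link gives one file a second name, and a pathname-keyed label lookup then disagrees with itself while a lookup keyed on the object (device and inode) does not. The two-level lattice, the file names and the "unlisted means public" default are assumptions made for the illustration.

```python
import os
import tempfile

LEVELS = {"public": 0, "secret": 1}  # constructed two-level confidentiality lattice


def may_read(clearance, label):
    """MAC 'no read up': a subject reads only objects at or below its clearance."""
    return LEVELS[clearance] >= LEVELS[label]


def label_by_path(policy, path):
    """Pathname-keyed lookup: names not listed fall back to the default label."""
    return policy.get(os.path.realpath(path), "public")


def label_by_object(policy, path):
    """Object-keyed lookup: the label is bound to (device, inode), whatever the name."""
    st = os.stat(path)
    return policy.get((st.st_dev, st.st_ino), "public")


def demo():
    """Return the read decision for a 'public' subject under both labeling schemes."""
    with tempfile.TemporaryDirectory() as d:
        original = os.path.join(d, "payroll.db")  # hypothetical file names
        alias = os.path.join(d, "notes.txt")
        with open(original, "w") as f:
            f.write("constructed sample data\n")
        os.link(original, alias)  # second name for the same inode

        path_policy = {os.path.realpath(original): "secret"}
        st = os.stat(original)
        object_policy = {(st.st_dev, st.st_ino): "secret"}

        return {
            "path_original": may_read("public", label_by_path(path_policy, original)),
            "path_alias": may_read("public", label_by_path(path_policy, alias)),
            "object_original": may_read("public", label_by_object(object_policy, original)),
            "object_alias": may_read("public", label_by_object(object_policy, alias)),
        }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allowed' if allowed else 'denied'}")
```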