Overview
In computer security, Mandatory Access Control (MAC) is a type of Access Control Model in which the operating system constrains the ability of a Digital Subject (the initiator) to access, or more generally to perform some operation on, an object or SP objects.
In practice, a Digital Subject is usually a process or thread; objects are constructs such as files, directories, TCP/UDP ports, shared memory segments, etc. Digital Subjects and objects each have a set of security attributes.
Whenever a Digital Subject attempts to access an object, an Authorization rule enforced by the operating system kernel examines these security attributes and decides whether the access can take place. Any operation by any Digital Subject on any object will be tested against the set of authorization rules (aka Policy) to determine if the operation is allowed.
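The check described above, as an added example that is not part of the original page: a small policy decision function that compares the security attributes of a Digital Subject and an object against a rule set before any operation proceeds. The labels, the rule table, the sample requests and the default-deny result for unlisted combinations are all constructed assumptions, not taken from any real operating system policy.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Subject:
    name: str    # process or thread
    label: str   # security attribute set by the system, not by the process itself

@dataclass(frozen=True)
class Obj:
    name: str
    kind: str    # object class: file, tcp_port, ...
    label: str   # security attribute of the object

# Constructed policy: (subject label, object label, object kind) -> allowed operations.
POLICY = {
    ("webserver_t", "web_content_t", "file"): frozenset({"read"}),
    ("webserver_t", "http_port_t", "tcp_port"): frozenset({"bind"}),
    ("backup_t", "web_content_t", "file"): frozenset({"read"}),
    ("backup_t", "backup_store_t", "file"): frozenset({"read", "write"}),
}

def authorize(subject, obj, operation, policy=POLICY):
    """Decide from security attributes only; no matching rule means deny (assumption)."""
    allowed = policy.get((subject.label, obj.label, obj.kind), frozenset())
    return operation in allowed

def mediate(subject, obj, operation, audit):
    """Single choke point: every operation is tested and the decision is recorded."""
    decision = authorize(subject, obj, operation)
    audit.append((subject.name, operation, obj.name, "ALLOW" if decision else "DENY"))
    return decision

def run_demo():
    httpd = Subject("httpd", "webserver_t")
    backup = Subject("backupd", "backup_t")
    page = Obj("/var/www/index.html", "file", "web_content_t")
    port = Obj("tcp/80", "tcp_port", "http_port_t")
    secrets = Obj("/etc/shadow", "file", "shadow_t")
    archive = Obj("/backup/site.tar", "file", "backup_store_t")
    audit = []
    # Constructed requests: (subject, object, operation)
    for s, o, op in [(httpd, page, "read"), (httpd, page, "write"), (httpd, port, "bind"),
                     (httpd, secrets, "read"), (backup, archive, "write")]:
        mediate(s, o, op, audit)
    return audit

if __name__ == "__main__":
    for entry in run_demo():
        print(*entry)
```

The denied entries in the audit list are the ones worth monitoring: under this model a denial means a process attempted something the policy never granted to its label.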
More Information
There might be more information for this subject on one of the following:
- Access Control Models
- Discretionary Access Control
- Lattice Based Access Control
- NDSD Loadable Module
- [#1] - http://en.wikipedia.org/wiki/Mandatory_access_control - based on information obtained 2013-07-28