What Is Mandatory Access Control?
In computer security, mandatory access control (MAC) is a type of access control enforced by the operating system. Its goal is to restrict the ability of a subject (the initiator) to access an object (the target) or to perform certain operations on it. In practice, the subject is usually a process or thread, and the objects may be files, directories, TCP/UDP ports, shared memory segments, I/O devices, and so on. Subjects and objects each have a set of security attributes. Whenever a subject tries to access an object, the operating system kernel enforces the authorization rules, checking the security attributes and deciding whether the access is allowed. Any operation on any object by any subject is tested against a set of authorization rules (also known as policies) to determine whether the operation is allowed. Database management systems also have access control mechanisms, so mandatory access control can be applied there as well; in that environment, the objects are tables, views, procedures, etc.
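The check described above can be modelled as a small reference monitor. The following is an added example, not code from any operating system or from the original page; the labels (web_t, shadow_t, and so on), the sample objects and the policy table are constructed for illustration, and the default-deny behaviour for requests without a matching rule is an assumption of this model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Subject:
    name: str    # process or thread
    uid: int     # recorded only to show it plays no part in the decision
    label: str   # security attribute assigned by the system

@dataclass(frozen=True)
class Obj:
    name: str
    kind: str        # object class: file, tcp_port, table, ...
    owner_uid: int   # also ignored by the monitor
    label: str       # security attribute of the object

# Constructed policy: (subject label, object label, object class) -> allowed operations.
POLICY = {
    ("web_t", "web_content_t", "file"): {"read"},
    ("web_t", "web_log_t", "file"): {"append"},
    ("web_t", "http_port_t", "tcp_port"): {"bind"},
    ("report_t", "customer_t", "table"): {"select"},
}

class ReferenceMonitor:
    """Checks every (subject, operation, object) request against the policy."""
    def __init__(self, policy):
        self._policy = {key: frozenset(ops) for key, ops in policy.items()}
        self.audit = []  # one record per decision, granted or denied

    def check(self, subject, operation, obj):
        key = (subject.label, obj.label, obj.kind)
        granted = operation in self._policy.get(key, frozenset())  # no rule: deny
        self.audit.append((subject.name, operation, obj.name, granted))
        return granted

def demo():
    rm = ReferenceMonitor(POLICY)
    httpd = Subject("httpd", uid=0, label="web_t")  # uid 0, still bound by its label
    report = Subject("report-job", uid=1001, label="report_t")
    index = Obj("/srv/www/index.html", "file", owner_uid=0, label="web_content_t")
    shadow = Obj("/etc/shadow", "file", owner_uid=0, label="shadow_t")
    port80 = Obj("tcp/80", "tcp_port", owner_uid=0, label="http_port_t")
    customers = Obj("customers", "table", owner_uid=1001, label="customer_t")
    requests = [
        (httpd, "read", index), (httpd, "write", index), (httpd, "read", shadow),
        (httpd, "bind", port80), (report, "select", customers), (report, "update", customers),
    ]
    return [rm.check(s, op, o) for s, op, o in requests], rm.audit
```

In this model the decision depends only on the labels and the policy table: the uid-0 process is refused /etc/shadow, and the job that owns the customers table can select from it but not update it.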