Procedimiento
para restringir el acceso a los objetos de un sistema. Está basado en la
sensibilidad de la información contenida o tratada en éstos (expresada en una
etiqueta de seguridad) y la autorización (denominada habilitación) de los
sujetos que pretenden acceder (TCSEC).
Se
instrumenta para aplicar una política de seguridad basada en reglas.
[Ribagorda:1997]
Modelo de
seguridad en el que un responsable clasifica los objetos y sujetos según sus
respectivos niveles de seguridad y
habilitación y los compartimenta
según el principio de mínimo privilegio. [Ribagorda:1997]
A means of restricting
access to objects based on the sensitivity (as represented by a security label)
of the information contained in the objects and the formal authorization (i.e.,
clearance, formal access approvals, and need-to-know) of subjects to access information
of such sensitivity. [CNSSI_4009:2010]
1. (I) An access control
service that enforces a security policy based on comparing (a) security labels,
which indicate how sensitive or critical system resources are, with (b) security
clearances, which indicate that system entities are eligible to access certain
resources. (See: discretionary access control, MAC, rule-based security
policy.)
Derivation: This kind of
access control is called "mandatory" because an entity that has
clearance to access a resource is not permitted, just by its own volition, to
enable another entity to access that resource.
[RFC4949:2007]
A means of restricting
access to objects based on the sensitivity (as represented by a label) of the
information contained in the objects and the formal authorization (i.e.,
clearance) of subjects to access information of such sensitivity. [TCSEC:1985]
Mandatory Access Control
controls is where the system controls access to resources based on
classification levels assigned to both the objects and the users. These
controls cannot be changed by anyone.
http://www.sans.org/security-resources/glossary-of-terms/