What security model is dependent on security labels?
Click on the arrows to vote for the correct answer
A. B. C. D.C.
With mandatory access control (MAC), the authorization of a subject's access to an object is dependant upon labels, which indicate the subject's clearance, and the classification or sensitivity of the object.
Label-based access control is not defined.
Source: KRUTZ, Ronald L.
& VINES, Russel.
D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 33).
The security model that is dependent on security labels is Mandatory access control (MAC).
Mandatory access control (MAC) is a security model in which access to resources is determined by the security labels attached to each resource and the security clearance of the user or process requesting access. In this model, the system administrator defines and enforces a set of security policies, and access to resources is controlled based on these policies.
The security labels are used to define the sensitivity or classification level of the resource and the clearance level of the user. These labels are typically represented as a set of attributes or tags associated with each resource and user.
For example, a document may have a security label that indicates it is classified as "Top Secret" and can only be accessed by users with a security clearance level of "Top Secret" or higher. In contrast, a user may have a security clearance level of "Secret" and can only access documents with a security label of "Secret" or lower.
The security labels are used to enforce the security policies defined by the system administrator, and access to resources is controlled based on the matching of security labels between the resource and the user requesting access. This makes the MAC model highly secure, but also more complex to administer.
In contrast to MAC, discretionary access control (DAC) is a security model in which access to resources is determined by the owner of the resource, and the owner can grant or revoke access as they see fit. Non-discretionary access control (NDAC) is a hybrid model that combines elements of both MAC and DAC. Finally, label-based access control (LBAC) is not a well-defined security model, but rather a term used to describe any access control mechanism that uses security labels to control access to resources.