concept

Mandatory Access Control

Mandatory Access Control (MAC) is a security model that enforces access policies based on classifications and clearances, where access decisions are made by a central authority rather than the resource owner. It is commonly used in high-security environments like government and military systems to prevent unauthorized data disclosure or modification. MAC operates by labeling subjects (e.g., users, processes) and objects (e.g., files, devices) with security attributes, such as sensitivity levels, and allowing access only if the subject's attributes dominate the object's attributes.

Also known as: MAC, Mandatory Access Controls, Multi-Level Security, Bell-LaPadula Model, Biba Model
🧊Why learn Mandatory Access Control?

Developers should learn MAC when building or maintaining systems that require strict, centralized security enforcement, such as in defense, finance, or healthcare applications where data confidentiality and integrity are critical. It is essential for implementing compliance with regulations like HIPAA or FISMA, and for preventing privilege escalation attacks by limiting user discretion over access rights. Use cases include secure operating systems, multi-level security databases, and applications handling classified or sensitive information.

Compare Mandatory Access Control

Mandatory Access Control vs Discretionary Access ControlMandatory Access Control vs Role Based Access ControlMandatory Access Control vs Attribute Based Access Control

Learning Resources

📄
NIST Guide to Mandatory Access Control
docs
📝
SELinux Tutorial by Red Hat
tutorial
📄
Mandatory Access Control on Wikipedia
docs
🎬
CISSP Exam Prep: Access Control Models
video
📚
Book: Computer Security: Principles and Practice by Stallings and Brown
book

Related Tools

Discretionary Access ControlRole Based Access ControlSecurity LabelsSelinuxApparmor

Alternatives to Mandatory Access Control

Discretionary Access ControlRole Based Access ControlAttribute Based Access Control