[1] In the case of operating systems, the subject is a process or thread, while objects are files, directories, TCP/UDP ports, shared memory segments, or IO devices.
In this context, MAC implies a high degree of rigor to satisfy the constraints of MLS systems.
The more recent MAC implementations, such as SELinux and AppArmor for Linux and Mandatory Integrity Control for Windows, allow administrators to focus on issues such as network attacks and malware without the rigor or constraints of MLS.
Historically, MAC was strongly associated with multilevel security (MLS) as a means of protecting classified information of the United States.
The Trusted Computer System Evaluation Criteria (TCSEC), the seminal work on the subject and often known as the Orange Book, provided the original definition of MAC as "a means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (i.e., clearance) of subjects to access information of such sensitivity".
To promote consistency and eliminate subjectivity in degrees of robustness, an extensive scientific analysis and risk assessment of the topic produced a landmark benchmark standardization quantifying security robustness capabilities of systems and mapping them to the degrees of trust warranted for various security environments.
In one case, TCSEC level C2[5] (not a MAC-capable category) was fairly faithfully preserved in the Common Criteria, as the Controlled Access Protection Profile (CAPP).
They are pursuant to MLS, but lack the detailed implementation requirements of their Orange Book predecessors, focusing more on objectives.
An unknown program might comprise an untrusted application where the system should monitor or control accesses to devices and files.
A few MAC implementations, such as Unisys' Blacker project, were certified robust enough to separate Top Secret from Unclassified late in the last millennium.
[12] Version 5.0 and later of the Android operating system, developed by Google, use SELinux to enforce a MAC security model on top of its original UID-based DAC approach.
[citation needed] Amon Ott's RSBAC (Rule Set Based Access Control) provides a framework for Linux kernels that allows several different security policy / decision modules.
A general goal of RSBAC design was to try to reach (obsolete) Orange Book (TCSEC) B1 level.
The model of mandatory access control used in RSBAC is mostly the same as in Unix System V/MLS, Version 1.2.1 (developed in 1989 by the National Computer Security Center of the USA with classification B1/TCSEC).
Smack (Simplified Mandatory Access Control Kernel) is a Linux kernel security module that protects data and process interaction from malicious manipulation using a set of custom mandatory access control rules, with simplicity as its main design goal.
[16] Differently from the label-based approach used by SELinux, TOMOYO Linux performs a pathname-based Mandatory Access Control, separating security domains according to process invocation history, which describes the system behavior.
Sun's Trusted Solaris uses a mandatory and system-enforced access control mechanism (MAC), where clearances and labels are used to enforce a security policy.
However note that the capability to manage labels does not imply the kernel strength to operate in multilevel security mode[citation needed].