Page 1030 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

based access controls


               The MAC model also allows labels to identify more defined security
               domains. Within the Confidential section (between Private and
               Confidential), there are four separate security domains labeled Lentil,
               Foil, Crimson, and Matterhorn. These all include Confidential data but
               are maintained in separate compartments for an added layer of
               protection. Users with the Confidential label also require the
               additional label to access data within these compartments. For
               example, to access Lentil data, users need to have both the
               Confidential label and the Lentil label.

               Similarly, the compartments labeled Domino, Primrose, Sleuth, and
               Potluck include Private data. Users need the Private label and one of
               the labels in this compartment to access the data within that
               compartment.

               The labels in Figure 14.3 are names of World War II military
               operations, but an organization can use any names for the labels. The
               key is that these sections provide an added level of
               compartmentalization for objects such as data. Notice that Sensitive
               data (between the Public and Sensitive boundaries) doesn’t have any
               additional labels. Users with the Sensitive label can be granted access
               to any data with the Sensitive label.

               Personnel within the organization identify the labels and define their
               meanings as well as the requirements to obtain the labels.
               Administrators then assign the labels to subjects and objects. With the
               labels in place, the system determines access based on the assigned
               labels.

               Using compartmentalization with the MAC model enforces the
               need-to-know principle. Users with the Confidential label are not
               automatically granted access to compartments within the Confidential
               section. However, if their job requires them to have access to certain
               data, such as data with the Crimson label, an administrator can assign
               them the Crimson label to grant them access to this compartment.
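
               The label check described above, as an added example that is not
               from the study guide: a subject must hold the object's classification
               label and, if the object sits in a compartment, that compartment's
               label too, and anything else is denied. The class, function, subject
               and object names are assumptions, and any hierarchy between
               classification levels is deliberately not modeled.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Labels from the passage; the mapping structure itself is an assumption.
COMPARTMENTS = {
    "Confidential": {"Lentil", "Foil", "Crimson", "Matterhorn"},
    "Private": {"Domino", "Primrose", "Sleuth", "Potluck"},
    "Sensitive": set(),  # Sensitive data has no additional labels
}


@dataclass(frozen=True)
class LabeledObject:
    name: str
    classification: str
    compartment: Optional[str] = None

    def __post_init__(self):
        # Reject labels nobody defined, or a compartment under the wrong section.
        if self.classification not in COMPARTMENTS:
            raise ValueError(f"undefined classification: {self.classification}")
        if self.compartment and self.compartment not in COMPARTMENTS[self.classification]:
            raise ValueError(f"{self.compartment} is not a {self.classification} compartment")


def can_access(subject_labels: FrozenSet[str], obj: LabeledObject) -> bool:
    """Implicit deny: return True only when every required label is held."""
    if obj.classification not in subject_labels:
        return False
    if obj.compartment is not None and obj.compartment not in subject_labels:
        return False
    return True


# Constructed sample subjects and objects (not from the book).
ALICE = frozenset({"Confidential"})           # classification label only
BOB = frozenset({"Confidential", "Crimson"})  # admin added Crimson for his job
CAROL = frozenset({"Sensitive"})
DAVE = frozenset({"Crimson"})                 # compartment label alone

CRIMSON_DOC = LabeledObject("crimson-plan", "Confidential", "Crimson")
LENTIL_DOC = LabeledObject("lentil-plan", "Confidential", "Lentil")
SENSITIVE_DOC = LabeledObject("staff-memo", "Sensitive")

if __name__ == "__main__":
    for who, labels in [("alice", ALICE), ("bob", BOB), ("carol", CAROL), ("dave", DAVE)]:
        for obj in (CRIMSON_DOC, LENTIL_DOC, SENSITIVE_DOC):
            print(f"{who:5} -> {obj.name:12} {'ALLOW' if can_access(labels, obj) else 'DENY'}")
```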

               The MAC model is prohibitive rather than permissive, and it uses an
               implicit deny philosophy. If users are not specifically granted access to