In an MLS system, most users use a security label only when they log on to the system or submit a job. The rest of the time, security labels are read, decoded, and applied by CA Top Secret and the system. Security administrators can create and assign security labels based on their organization's security policy. In addition, depending on what MLS system options have been set, CA Top Secret will assign a security label to data when it is created.
When MLS is active in CA Top Secret, MAC security label checking is performed before DAC access rule checking, except in the case of system entry where a user must be identified to the system before label validation can be performed.
CA Top Secret determines MAC access based on the dominance relationship between the label of the object and the label of the subject that is trying to access the object. The factors that CA Top Secret uses to determine the dominance relationship are:
|
Copyright © 2010 CA Technologies.
All rights reserved.
|
|