Access to information and/or systems and infrastructure
is controlled by a set of mechanisms that are not under discretionary control
and cannot be bypassed. Examples include:
the objective implementation of trusted systems,
POset and Lattice-based systems, and
systems using digital diodes and/or guard applications to limit access.
Complexity: Despite more
than fifteen years of substantial theoretical and development efforts and
hundreds of millions of dollars in costs, almost no systems to date have
been built that provide fully effective mandatory access control for general
purpose computing with reasonable performance. This appears to involve many
undecidable problems and some theoretical limitations that appear to be
impossible to fully resolve. Examples of unsolvable problems include perfect
access control decisions and non-fixed shared resources without covert
channels. Highly complex problems include viruses, data aggregation controls,
and unlimited granularity in access control decision-making.
fc@red.a.net