Architecture
- Subject
  - the active entity that requests permission to perform an action
  - e.g. a process asking to read a file, bind a socket or signal another process
  - whether the access is permitted is decided by the Access Vector (AV) rules of the loaded policy (allow, auditallow, dontaudit, neverallow)
- Object Manager (OM)
  - mediates the subject's access to the objects it manages (files, sockets, IPC, ...)
  - queries the Security Server (through the AVC) for an allow/deny decision and enforces it
  - can reside in either kernel space (the LSM hooks) or user space (e.g. D-Bus, the X server)
- Security Server
  - makes the access decision by evaluating the loaded security policy and returns the answer to the caller
  - resides in the Linux kernel
- Access Vector Cache (AVC)
  - caches the Security Server's decisions so that repeated requests for the same (subject, object, class) do not need a full policy lookup
  - can reside in either kernel space or user space (userspace OMs use the AVC provided by libselinux)
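The decision path above (Object Manager asks the AVC, the AVC falls back to the Security Server on a miss, the Security Server evaluates the policy) modelled in Python, together with a parser for the AVC denial records that the kernel writes to the audit log. This is an added illustration, not SELinux or libselinux code; the audit lines are constructed samples and the "policy" is a hand-written table of allow rules. `suggest_rules` merges denials into allow rules roughly the way `audit2allow` does, which is useful for reading the output of the real tool critically rather than pasting it into a module.

```python
"""Toy model of the SELinux decision path: OM -> AVC -> Security Server -> policy.

Illustration only; the classes below are not the kernel's or libselinux's implementation.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed audit records in the real AVC denial format (not from a live system).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1700000000.101:201): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.html" dev="sda1" ino=4242 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.102:202): avc:  denied  { read open } for  pid=1234 comm="httpd" name="index.html" dev="sda1" ino=4242 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.103:203): avc:  denied  { name_connect } for  pid=1234 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=1
"""

AVC_RE = re.compile(
    r"avc:\s+(?P<verdict>denied|granted)\s+\{\s*(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
    r"(?:\s+permissive=(?P<permissive>[01]))?"
)


@dataclass(frozen=True)
class AccessRequest:
    """What an Object Manager asks about: subject type, target type, object class, permissions."""
    subject: str       # type component of scontext, e.g. httpd_t
    target: str        # type component of tcontext, e.g. user_home_t
    tclass: str        # object class, e.g. file
    perms: frozenset   # permissions requested on the object


def type_of(context):
    """user:role:type[:range] -> type (the component AV rules are written against)."""
    return context.split(":")[2]


def parse_avc(line):
    """Return (AccessRequest, verdict, permissive) for an AVC record, or None for other lines."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    req = AccessRequest(type_of(m["scontext"]), type_of(m["tcontext"]),
                        m["tclass"], frozenset(m["perms"].split()))
    return req, m["verdict"], m["permissive"] == "1"


def to_allow_rule(subject, target, tclass, perms):
    """Render one policy-language allow rule, permissions sorted for stable output."""
    return f"allow {subject} {target}:{tclass} {{ {' '.join(sorted(perms))} }};"


def suggest_rules(audit_log):
    """Collapse denials per (subject, target, class) into one allow rule each (audit2allow style)."""
    merged = defaultdict(set)
    for line in audit_log.splitlines():
        parsed = parse_avc(line)
        if parsed and parsed[1] == "denied":
            req = parsed[0]
            merged[(req.subject, req.target, req.tclass)].update(req.perms)
    return [to_allow_rule(*key, perms) for key, perms in sorted(merged.items())]


class SecurityServer:
    """Decides from the loaded policy; here the policy is a table of allow rules."""

    def __init__(self, allow_rules):
        self.policy = defaultdict(set)
        for subject, target, tclass, perms in allow_rules:
            self.policy[(subject, target, tclass)].update(perms)
        self.queries = 0  # how often the cache had to come here

    def compute_av(self, subject, target, tclass):
        self.queries += 1
        return frozenset(self.policy.get((subject, target, tclass), ()))


class AccessVectorCache:
    """Stores decisions so repeated checks for the same triple skip the policy lookup."""

    def __init__(self, security_server):
        self.ss = security_server
        self.cache = {}
        self.hits = self.misses = 0

    def has_perm(self, req):
        key = (req.subject, req.target, req.tclass)
        if key not in self.cache:
            self.misses += 1
            self.cache[key] = self.ss.compute_av(*key)
        else:
            self.hits += 1
        return req.perms <= self.cache[key]


def object_manager_check(avc, req, permissive=False):
    """The OM asks the AVC and enforces. Returns (policy_allows, access_proceeds);
    in permissive mode the denial is logged but the access still proceeds."""
    allowed = avc.has_perm(req)
    return allowed, allowed or permissive


def replay(audit_log, allow_rules):
    """Replay the logged requests against a policy; returns per-line decisions and cache stats."""
    ss = SecurityServer(allow_rules)
    avc = AccessVectorCache(ss)
    decisions = []
    for line in audit_log.splitlines():
        parsed = parse_avc(line)
        if parsed:
            req, _verdict, permissive = parsed
            decisions.append(object_manager_check(avc, req, permissive))
    return decisions, avc.hits, avc.misses, ss.queries


if __name__ == "__main__":
    for rule in suggest_rules(SAMPLE_AUDIT_LOG):
        print(rule)
    print(replay(SAMPLE_AUDIT_LOG, [("httpd_t", "user_home_t", "file", {"read", "open"})]))
```

Note that the second sample record is allowed by a policy granting `read open` while the third is denied but proceeds because the record was taken in permissive mode; the replay also shows why the AVC matters: three checks cost only two policy lookups, because the second request hits the cached entry for the same (subject, target, class) triple.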
Mandatory Access Control (MAC)
Discretionary Access Control (DAC)
Links