Process *P* makes request *r* for protected resource *R*. - [[05 - Authentication|Authentication]] tells us who is making this request or is the source for *r*. This is defined by user ID or *UID* - Authorization helps us understand if a user id *UID* should be granted access to a resource *r* or not. ## Security Policies A security policy should define who can access what resources. There are two types: ### Discretionary access control When the creator of a resource defines the security policy for accessing a resource ### Mandatory access control Creator of the policy is not the creator of the resource, but is usually controlled at the org level. [[TCB - Trusted Computing Base|TCB]] access control mechanisms help enforce these defined policies. The [[TCB - Trusted Computing Base|TCB]] has an internal state that helps it make decisions about granting or denying requests. These states are abstracted by an [[Access control matrix|access control matrix]]. ### Why MAC? DAC has some problems that MAC can solve. With MAC, TCB can limit sharing of information by a user to meet an organization’s needs. #### The information flow control problem When Alice is sharing sensitive data or a files with Bob, she cannot be sure that it will not be shared with others. Bob can just make a copy of Alice’s file into a new file, and share it with others. There is no track of this information leakage. #### In DAC, the user sets permissions In commercial setting, organizations would want to limit what information is shared with whom. Example, even when you are an employee in the payroll department, you are not allowed to share salary information with anyone. #### What do MAC policies address? | | Confidentiality | Integrity | | ------------ | --------------- | --------- | | [[Bell and LaPadula model]] | Yes | No | | [[Biba model for integrity]] | No | Yes | | [[Role-based access control]] | Yes | Yes | | [[Clark-Wilson policy]] | No | Yes | | [[Chinese wall policy]] | Yes | No |