Low Water-Mark Mandatory Access Control (LOMAC) is a Mandatory Access Control model which protects the integrity of system objects and subjects by means of an information flow policy coupled with the subject demotion via floating labels. In LOMAC, all system subjects and objects are assigned integrity labels, made up of one or more hierarchical grades, depending on their types. Together, these label elements permit all labels to be placed in a partial order, with information flow protections and demotion decisions based on a dominance operator describing the order.
Implementations
* In
FreeBSD
FreeBSD is a free and open-source Unix-like operating system descended from the Berkeley Software Distribution (BSD), which was based on Research Unix. The first version of FreeBSD was released in 1993. In 2005, FreeBSD was the most popular ...
, the Biba model is implemented by the mac_lomac MAC policy.
* In
Linux
Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...
, there is a project that attempts to implement LOMAC policy.
See also
*
Multi-Level Security
Multilevel security or multiple levels of security (MLS) is the application of a computer system to process information with incompatible classifications (i.e., at different security levels), permit access by users with different security clearan ...
— MLS
*
Mandatory Access Control — MAC
*
Discretionary Access — DAC
*
Take-Grant Model
*
The Clark-Wilson Integrity Model
*
Graham-Denning Model
*
Security Modes of Operation
References
* Security Engineering, Ross Anderson ()
External links
The LOMAC project*
Computer security models
Computer access control
{{linux-stub