LOMAC
Low Water-Mark Mandatory Access Control (LOMAC) is a Mandatory Access Control model which protects the integrity of system objects and subjects by means of an information flow policy coupled with the subject demotion via floating labels. In LOMAC, all system subjects and objects are assigned integrity labels, made up of one or more hierarchical grades, depending on their types. Together, these label elements permit all labels to be placed in a partial order, with information flow protections and demotion decisions based on a dominance operator describing the order.
Implementations[edit]
- In FreeBSD, the Biba model is implemented by the mac_lomac MAC policy.[1]
- In Linux, there is a project that attempts to implement LOMAC policy.[2]
See also[edit]
- Multi-Level Security — MLS
- Mandatory Access Control — MAC
- Discretionary Access — DAC
- Take-Grant Model
- The Clark-Wilson Integrity Model
- Graham-Denning Model
- Security Modes of Operation
References[edit]
- ^ "Mac_lomac".
- ^ "LOMAC".
- Security Engineering, Ross Anderson (ISBN 0-471-38922-6)
External links[edit]
 | This security software article is a stub. You can help Wikipedia by expanding it. |
 | This Linux-related article is a stub. You can help Wikipedia by expanding it. |