Like this CertiGuide? Get it in PDF format!
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Need more practice? 300 additional Security+ questions!
Get It Here!

Custom Search

Table Of Contents  CertiGuide to Security+
 9  Chapter 1:  General Security Concepts (Domain 1.0; 30%)
      9  1.1  Access Control

Previous Topic/Section
1.1  Access Control
Previous Page
Pages in Current Topic/Section
Next Page
1.1.2  Discretionary Access Control (DAC)
Next Topic/Section

1.1.1  Mandatory Access Control (MAC)

Mandatory Access Control (MAC) is military-strength access control. In the absence of a permission that specifically allows you access, you are not getting in. Every thing in the system is an object and every object gets a classification label, which usually represents the sensitivity of the object, such as “top secret” or “confidential”. Individual users, called subjects, are also assigned a privilege level, called a clearance. To determine whether or not a given individual can access a certain object, the object’s classification level and the user’s clearance level are compared. There is an established hierarchy to the labels (or levels), such that anyone authorized to see “top secret” information can also view “secret” and “general access” information since those are less sensitive, but someone authorized only to view “general access” information can’t necessarily see the more sensitive “top secret” information.

MAC Labels

Labels may be used to define projects as well. This means that while you may have a top-secret clearance, you are not automatically granted access to a secret project if that particular project is not assigned to your area.

The Bell-LaPadula formal model of access control uses mandatory access control. It is based on several properties, including:

  • star property (or * property), also called the containment level, which states that an untrustworthy user can only write (append information) to objects whose security level is greater than or equal to their own (to make sure that someone with a high clearance level doesn’t accidentally share sensitive information with someone having a lower clearance level – i.e., it prevents “information leakage”)

  • simple property, which states that a user can read data only if its security level is as sensitive as, or less sensitive than, their clearance level (think about a 4-star general being entitled to see more data than a 1-star general)

  • tranquility property, which states that the security level of an object cannot be changed while it is in use by the computer system (this sidesteps the problem of what to do with users actively using an object who are no longer permitted access when the object’s security level changes)


The Bell-LaPadula model describes a mandatory access control model that is used by the military. It determines whether an access is permissible by comparing an object’s (or data item’s) assigned hierarchical classification level and the subject’s clearance level. If the user’s clearance level is at least as high as the classification level of the object, the access control rule permits the access. Otherwise, access is denied.

Figure 3: MAC uses both hierarchical classification and the subjects clearance level.


Another MAC-based model is the Lattice-based access control model. It shares with the Bell-LaPadula model the idea that objects and users are each given a hierarchical security level label, and that you determine whether or not a user has access to an object, by comparing their labels. As with Bell-LaPadula, if the user’s clearance level is at or above the classification level of the object, access is permitted.

[spacer]Bell-LaPadula and Lattice

Sometimes the terms “Bell-LaPadula model” and “Lattice-based model” are used interchangeably, but the original version of the Lattice-based model did not include the Bell-LaPadula’s requirement that a user is not permitted to write into a document with a lower security level than the user’s security level. Thus, technically, it did not prevent disclosure of higher-level information to lower-level users as well as does the Bell-LaPadula model.

MAC & Lattice

Another MAC model is Lattice-based
48 access control, sometimes also referred to as the Bell-LaPadula model.



Previous Topic/Section
1.1  Access Control
Previous Page
Pages in Current Topic/Section
Next Page
1.1.2  Discretionary Access Control (DAC)
Next Topic/Section

If you find useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $

Home - Table Of Contents - Contact Us

CertiGuide for Security+ ( on
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al. Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.