Many systems use mandatory access control (MAC) to constrain a subject or an initiator from being able to access, use, or perform one or more operations on an object (e.g., data or software) or a target element of the system (e.g., a block, a unit, a module, a directory, etc.). In MAC, the restraining of access to an object may be based on the sensitivity (e.g., represented by a label) of the information contained in that object. The subjects may be formally authorized by, for example, obtaining clearance to access sensitive information contained in that object. For instance, an operating system may exert the access control to restrain the access to the object or the target element. Existing MAC has been defined primarily for software objects (e.g., files, directories, documents, etc.) and operating system concepts (e.g., TCP connections, group memberships, etc.).
Discretionary Access Control (DAC), on the other hand, may leave the subject in control of the processing rights and even of granting (e.g., transitively) such rights to other entities. DAC may have a number of disadvantages as compared to MAC. For example, in DAC, a compromised subject (e.g., misconfigured or subverted software, or buggy hardware) may allow objects to leak outside the compartment in which they are supposed to stay. For instance, subverted software may allow a data block to be copied to a device that is not supposed to have access to that data block.
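The contrast described above, as an added example that is not part of the original text: a small Python model in which a compromised subject tries to copy a data block to a device under each policy. The sensitivity levels, the clearance comparison, and all class, function and object names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sensitivity levels (assumption; the text only speaks of "a label").
LEVELS = {"public": 0, "confidential": 1, "secret": 2}

@dataclass
class Subject:
    name: str
    clearance: str                          # consulted only by the MAC policy

@dataclass
class DataBlock:
    name: str
    label: str                              # sensitivity label, set by the system
    owner: str
    acl: set = field(default_factory=set)   # DAC rights, editable by their holders

def dac_grant(block, granter, grantee):
    """DAC: any subject that already holds rights may pass them on (transitively)."""
    if granter.name == block.owner or granter.name in block.acl:
        block.acl.add(grantee.name)
        return True
    return False

def dac_can_copy(block, target):
    return target.name == block.owner or target.name in block.acl

def mac_can_copy(block, target):
    """MAC: a system-wide rule the subject cannot alter; the target must be
    cleared for the block's label."""
    return LEVELS[target.clearance] >= LEVELS[block.label]

def copy_block(block, actor, target, policy):
    """A (possibly subverted) actor tries to copy `block` to the `target` device."""
    if policy == "dac":
        dac_grant(block, actor, target)     # the actor widens the ACL on its own authority
        return dac_can_copy(block, target)
    return mac_can_copy(block, target)      # the actor's intent plays no part in the decision

if __name__ == "__main__":
    # Constructed scenario: a legitimate rights holder that has been subverted.
    driver = Subject("dma_driver", "secret")
    nic = Subject("network_device", "public")   # must never receive secret data
    keys = DataBlock("key_block", "secret", owner="crypto_unit", acl={"dma_driver"})
    print("DAC copy allowed:", copy_block(keys, driver, nic, "dac"))
    print("MAC copy allowed:", copy_block(keys, driver, nic, "mac"))
```

Under the DAC policy the copy succeeds because the compromised holder can extend its own rights to the device; under the MAC policy the same request is refused because the decision depends only on the label and the device's clearance.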