强制访问控制：修订间差异

The Common Criteria^[2] is based on this science and it intended to preserve the Assurance Level as EAL levels（英语：Evaluation Assurance Level） and the functionality specifications as Protection Profile（英语：Protection Profile）s. Of these two essential components of objective robustness benchmarks, only EAL levels were faithfully preserved. In one case, TCSEC（英语：TCSEC） level C2^[3] (not a MAC capable category) was fairly faithfully preserved in the Common Criteria, as the Controlled Access Protection Profile（英语：Controlled Access Protection Profile） (CAPP).^[4] Multilevel security（英语：Multilevel security） (MLS) Protection Profiles (such as MLSOSPP similar to B2)^[5] is more general than B2. They are pursuant to MLS, but lack the detailed implementation requirements of their Orange Book（英语：Trusted Computer System Evaluation Criteria） predecessors, focusing more on objectives. This gives certifiers more subjective flexibility in deciding whether the evaluated product’s technical features adequately achieve the objective, potentially eroding consistency of evaluated products and making it easier to attain certification for less trustworthy products. For these reasons, the importance of the technical details of the Protection Profile is critical to determining the suitability of a product.

A few MAC implementations, such as 優利系統' Blacker（英语：Blacker (security)） project, were certified robust enough to separate Top Secret from Unclassified late in the last millennium. Their underlying technology became obsolete and they were not refreshed. Today there are no current implementations certified by TCSEC（英语：TCSEC） to that level of robust implementation. However, some less robust products exist.

• Amon Ott's RSBAC (Rule Set Based Access Control) provides a framework for Linux kernels that allows several different security policy / decision modules. One of the models implemented is Mandatory Access Control model. A general goal of RSBAC design was to try to reach (obsolete) Orange Book (TCSEC) B1 level. The model of mandatory access control used in RSBAC is mostly the same as in Unix System V/MLS, Version 1.2.1 (developed in 1989 by the National Computer Security Center of the USA with classification B1/TCSEC). RSBAC requires a set of patches to the stock kernel, which are maintained quite well by the project owner.
• An 美国国家安全局 research project called SELinux added a Mandatory Access Control architecture to the Linux内核, which was merged into the mainline version of Linux in August 2003. It utilizes a Linux 2.6 kernel feature called LSM (Linux Security Modules interface). Red Hat Enterprise Linux version 4 (and later versions) come with an SELinux-enabled kernel. Although SELinux is capable of restricting all processes in the system, the default targeted policy in RHEL confines the most vulnerable programs from the unconfined domain in which all other programs run. RHEL 5 ships 2 other binary policy types: strict, which attempts to implement 最小权限原则, and MLS, which is based on strict and adds MLS labels. RHEL 5 contains additional MLS enhancements and received 2 LSPP（英语：Labeled Security Protection Profile）/RBACPP/CAPP/EAL4+ certifications in June 2007.^[6]
• TOMOYO Linux（英语：TOMOYO Linux） is a lightweight MAC implementation for Linux and 嵌入式Linux, developed by NTT Data Corporation（英语：NTT Data Corporation）. It has been merged in Linux Kernel mainline version 2.6.30 in June 2009.^[7] Differently from the label-based approach used by 安全增强式Linux, TOMOYO Linux performs a pathname-based Mandatory Access Control, separating security domains according to process invocation history, which describes the system behavior. Policy are described in terms of pathnames. A security domain is simply defined by a process call chain, and represented as a string. There are 4 modes: disabled, learning, permissive, enforcing. Administrators can assign different modes for different domains. TOMOYO Linux introduced the "learning" mode, in which the accesses occurred in the kernel are automatically analyzed and stored to generate MAC policy: this mode can be used as first step of policy writing, making it easy to customize later.
• SUSE (now^[update] supported by Novell) and Ubuntu 7.10 have added a MAC implementation called AppArmor. AppArmor utilizes a Linux 2.6 kernel feature called LSM (Linux Security Modules interface). LSM provides a kernel API that allows modules of kernel code to govern ACL (DAC ACL, access control lists). AppArmor is not capable of restricting all programs and is optionally in the Linux kernel as of version 2.6.36.^[8]
• Linux and many other Unix distributions have MAC for CPU (multi-ring), disk, and memory; while OS software may not manage privileges well, Linux became famous during the 1990s as being more secure and far more stable than non-Unix alternatives. Linux distributors disable MAC to being at best DAC for some devices - although this is true for any consumer electronics available today.
• grsecurity（英语：grsecurity） is a patch for the Linux kernel providing a MAC implementation (precisely, it is a RBAC implementation). Hardened Gentoo（英语：Hardened Gentoo） offers a pre-patched kernel with grsecurity. grsecurity is not implemented via the LSM API.^[9]
• 微软 Starting with Windows Vista and Server 2008 Windows incorporates 强制完整性控制, which adds Integrity Levels (IL) to processes running in a login session. MIC restricts the access permissions of applications that are running under the same user account and which may be less trustworthy. Five integrity levels are defined: Low, Medium, High, System, and Trusted Installer.^[10] Processes started by a regular user gain a Medium IL; elevated processes have High IL.^[11] While processes inherit the integrity level of the process that spawned it, the integrity level can be customized on a per-process basis: e.g. IE7 and downloaded executables run with Low IL. Windows controls access to objects based on ILs, as well as for defining the boundary for window messages via 用户界面特权隔离. Named objects, including files, registry keys or other processes and threads, have an entry in the ACL governing access to them that defines the minimum IL of the process that can use the object. MIC enforces that a process can write to or delete an object only when its IL is equal to or higher than the object’s IL. Furthermore, to prevent access to sensitive data in memory, processes can’t open processes with a higher IL for read access.^[12]
• FreeBSD supports Mandatory Access Control, implemented as part of the TrustedBSD project. It was introduced in FreeBSD 5.0. Since FreeBSD 7.2, MAC support is enabled by default. The framework is extensible; various MAC modules implement policies such as Biba（英语：Biba Integrity Model） and Multi-Level Security（英语：Multi-Level Security）.
• Sun's Trusted Solaris（英语：Trusted Solaris） uses a mandatory and system-enforced access control mechanism (MAC), where clearances and labels are used to enforce a security policy. However note that the capability to manage labels does not imply the kernel strength to operate in Multi-Level Security（英语：Multi-Level Security） mode^{[來源請求]}. Access to the labels and control mechanisms are not^{[來源請求]} robustly protected from corruption in protected domain maintained by a kernel. The applications a user runs are combined with the security label at which the user works in the session. Access to information, programs and devices are only weakly controlled^{[來源請求]}.
• Apple's Mac OS X MAC framework is an implementation of the FreeBSD MAC framework.^[13] A limited high-level sandboxing interface is provided by the command-line function sandbox_init. See the sandbox_init manual page for documentation.^[14]
• Oracle Label Security（英语：Oracle Label Security） is an implementation of mandatory access control in the Oracle数据库.
• SE-PostgreSQL（英语：SE-PostgreSQL） is a work in progress as of 2008-01-27,^[15][16] providing integration into SE-Linux. It aims for integration into version 8.4, together with row-level restrictions.
• Trusted RUBIX（英语：Trusted RUBIX） is a mandatory access control enforcing DBMS that fully integrates with SE-Linux to restrict access to all database objects.^[17]
• Astra Linux OS developed for 俄罗斯陆军 has its own mandatory access control.^[18]
• Smack（英语：Smack (software)） (Simplified Mandatory Access Control Kernel) is a Linux内核 security module that protects data and process interaction from malicious manipulation using a set of custom mandatory access control rules, with simplicity as its main design goal.^[19] It has been officially merged since the Linux 2.6.25 release.^[20]