Design and implementation of MAC in a security operating system

A mandatory access control (MAC) mechanism abstractly defines the users and resources in a system as subjects and objects, respectively. Both subjects and objects are assigned security levels. Under MAC, a subject accessing an object must obey the security policy according to their security levels. In this paper, we describe how to design and implement a MAC mechanism in a security operating system, including how to define security levels based on the BLP model, and why and how to create multilevel directories.
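
The access decision described above, as an added example that is not code from the paper: it applies the two standard Bell-LaPadula (BLP) rules, no read up and no write down, to subject and object labels. The `mac_label` layout (a hierarchical level plus a category bitmask) and all function names are assumptions, since the paper's own label definition is not shown here.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical label layout (assumption, not the paper's definition). */
struct mac_label {
    int level;            /* hierarchical level, higher = more sensitive */
    uint32_t categories;  /* one bit per compartment */
};

/* a dominates b when a's level is at least b's and a holds every
 * category that b holds. Labels can be incomparable. */
static bool mac_dominates(struct mac_label a, struct mac_label b)
{
    return a.level >= b.level && (b.categories & ~a.categories) == 0;
}

/* BLP simple security property: no read up. */
bool mac_may_read(struct mac_label subj, struct mac_label obj)
{
    return mac_dominates(subj, obj);
}

/* BLP *-property: no write down. */
bool mac_may_write(struct mac_label subj, struct mac_label obj)
{
    return mac_dominates(obj, subj);
}

int main(void)
{
    /* Constructed sample labels. */
    struct mac_label user   = { 2, 0x1 };  /* level 2, category A */
    struct mac_label report = { 1, 0x1 };  /* level 1, category A */
    struct mac_label other  = { 1, 0x2 };  /* level 1, category B */

    printf("read report:  %d\n", mac_may_read(user, report));
    printf("write report: %d\n", mac_may_write(user, report));
    printf("read other:   %d\n", mac_may_read(user, other));
    printf("write other:  %d\n", mac_may_write(user, other));
    return 0;
}
```

The last two checks show the incomparable case: when neither label dominates the other, both read and write are denied.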