A mandatory access control mechanism for the Unix file system

The design of a mandatory access control (MAC) mechanism for the Unix file system is described. The design is simple, compatible with AT&T's System V and Berkeley's BSD Unix with Sun Microsystems' Network File System support, and it avoids some of the deficiencies present in approaches taken to date. The MAC design introduces the concept of file name hiding. The design eliminates the need for partitioned directories and the need to log out and then log in again to use upgraded directories. The author briefly describes the traditional Unix file system. Approaches to adding a mandatory access control mechanism to the Unix file system are detailed, and problems with the approaches are examined. Finally, the proposed approach is described, including an explanation of how it solves the deficiencies of the previous approaches.
