Protection from modification
Protection from unauthorized modification is primarily accomplished by setting the DAC information to an appropriate value. Normally, these files would be owned by a system user ID with write access allowed only to the owner of the file.
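An added example, not part of the original documentation or of AIX itself: a C check, using only POSIX calls, for the DAC settings described above. The dac_audit helper, its finding bits and the expected-owner parameter are assumptions made for illustration. It also examines the parent directory, because under DAC deleting or renaming a file depends on write access to the directory rather than to the file.

```c
#define _XOPEN_SOURCE 700
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Finding bits returned by dac_audit(); 0 means no finding. (Names are hypothetical.) */
#define DAC_NOT_EXAMINED  0x01  /* not a regular file, or stat failed */
#define DAC_WRONG_OWNER   0x02  /* file not owned by the expected user ID */
#define DAC_FILE_WRITABLE 0x04  /* group or other has write access to the file */
#define DAC_DIR_WRITABLE  0x08  /* parent directory lets non-owners delete/rename */

/* Audit the DAC settings that guard `path` against modification.
 * `expected_owner` is the system user ID that should own the file. */
int dac_audit(const char *path, uid_t expected_owner)
{
    struct stat st;
    char buf[PATH_MAX];
    int findings = 0;

    /* lstat: a symbolic link standing in for the file is not accepted. */
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return DAC_NOT_EXAMINED;
    if (st.st_uid != expected_owner)
        findings |= DAC_WRONG_OWNER;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        findings |= DAC_FILE_WRITABLE;

    /* Delete and rename are governed by the parent directory, not the file. */
    if (strlen(path) >= sizeof buf)
        return findings | DAC_NOT_EXAMINED;
    strcpy(buf, path);                 /* dirname() may modify its argument */
    if (stat(dirname(buf), &st) != 0)
        return findings | DAC_NOT_EXAMINED;
    /* With the sticky bit set, only the entry's or directory's owner may remove it. */
    if ((st.st_mode & (S_IWGRP | S_IWOTH)) && !(st.st_mode & S_ISVTX))
        findings |= DAC_DIR_WRITABLE;
    return findings;
}

int main(int argc, char **argv)
{
    /* usage: dac_audit <expected-owner-uid> <file>... */
    uid_t owner = argc > 1 ? (uid_t)strtoul(argv[1], NULL, 10) : 0;
    for (int i = 2; i < argc; i++)
        printf("%s: findings=0x%02x\n", argv[i], dac_audit(argv[i], owner));
    return 0;
}
```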
MIC is designed to protect against modification by protecting the integrity of objects. By placing a high MIC label on a file, processes with a lower MIC label are prevented from modifying, deleting, or renaming the file. This is the ideal method to prevent unwanted modification of files.
In some cases, MAC can be used to protect against unauthorized modification. However, MAC is designed to protect only against disclosure (reading) and is not well suited for protecting against modification. Basic MAC policy does not prohibit subjects from modifying higher-label objects. Although this is not allowed for direct file writes, certain trusted subsystems may allow it. Also, many trusted files, such as executable program files, need to be kept at a low MAC label so that they can be generally accessed. Therefore, setting a high MAC label on a file is not always feasible.
File security flags also protect against file modification. Some file security flags prevent modification of objects even by privileged subjects. If the FSF_TLIB file security flag is set for a file, the file can only be changed when the system is in configuration mode, assuming the trustedlib_enabled kernel security flag is turned on. To set FSF_TLIB for a file, a process must have the PV_TCB privilege in its EPS. Another relevant file security flag is the FSF_APPEND flag, which prevents the modification of previously written data. A file with the FSF_APPEND flag set can only have data added to it. This can be useful for an application that logs records to a file.
These flags are usually set for files by integrators rather than under program control. Programmers should be aware of these flags and their functions.