Subject – An active entity, generally in the form of a person, process, or device that causes information to flow among objects or changes the system state. Technically, a process/domain pair. [Orange Book]
Object – A passive entity that contains or receives information. Access to an object potentially implies access to the information it contains. Examples of objects are: records, blocks, pages, segments, files, directories, directory trees, and programs, as well as bits, bytes, words, fields, processors, video displays, keyboards, clocks, printers, network nodes, etc. [Orange Book]
Clearance – A formal security determination by an authorized adjudicative office that an individual is authorized access, on a need to know basis, to a specific level of classified information (TOP SECRET, SECRET, or CONFIDENTIAL). [CNSSI 4009-2015]
Sensitivity Label – A piece of information that represents the security level of an object and that describes the sensitivity (e.g., classification) of the data in the
object. Sensitivity labels are used by the TCB as the basis for mandatory access control decisions. [Orange Book]
Trusted Computing Base (TCB) – The totality of protection mechanisms within a computer system — including hardware, firmware, and software — the combination of which is responsible for enforcing a security policy.
Reference Monitor Concept – An access control conceptthat refers to an abstract machine that mediates all accesses to objects by subjects. [Orange Book]
Security Kernel – The hardware, firmware, and software elements of a Trusted Computing Base that implement the reference monitor concept. It must mediateall accesses, be protected from modification, and be verifiable as correct. [Orange Book]