Monday, October 6, 2014

3.2 - Access Controls Techniques & Technologies

As stated by the CISSP All-in-One Exam Guide, access control models are frameworks that dictate how subjects access objects. Each framework is enforced using the model's specific control technologies and security mechanisms.

Discretionary Access Control (DAC)

  • Gives the resource owner the ability to specify which subjects can access specific resources. The model is named “discretionary” because access is controlled at the owner’s discretion (e.g. department managers, as owners of the data within their departments, can specify who should and should not have access).
  • Additionally, the DAC model restricts access based on the authorization granted to users. In the most common implementation of DAC, access is dictated and set by the owners and enforced by the operating system. “This can make a user’s ability to access information dynamic versus the more static role of mandatory access control (MAC).” -CISSP All-in-One Exam Guide

Mandatory Access Control (MAC)

  • Unlike in the DAC model, users do not have the ability to determine who can access objects. Generally, MAC-based operating systems greatly reduce the rights, permissions, and functionality that users have, for security purposes. This means that a user cannot “install software, change file permissions, add new users”. -CISSP All-in-One Exam Guide
  • These highly specialized systems mainly serve to protect highly classified data held by governmental agencies that maintain top secret information. Consequently, most people have never interacted with a MAC-based system.

Role-Based Access Control (RBAC)

  • Controls are centrally administered to determine how subjects and objects interact. Additionally, access control levels can be based upon the operations and tasks a user needs to carry out to fulfill her responsibilities within an organization. Essentially, access to resources is based on the role the user serves within an organization.
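
The three models differ in who decides an access request: the owner (DAC), the system (MAC), or a centrally administered role table (RBAC). The Python sketch below is an added example, not taken from the original post or the Exam Guide; the users, files and roles are constructed, and modelling MAC with clearance and classification labels is an assumption the post does not spell out.

```python
# Added example: one access decision under each of the three models.
# Every user, file, role and label here is constructed for illustration.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}

class DacFile:
    """DAC: the owner alone edits the access list, at their discretion."""
    def __init__(self, owner):
        self.owner = owner
        self.acl = {owner: {"read", "write"}}

    def grant(self, requester, subject, right):
        if requester != self.owner:
            raise PermissionError("only the owner may change the ACL")
        self.acl.setdefault(subject, set()).add(right)

    def allowed(self, subject, right):
        return right in self.acl.get(subject, set())

# MAC: labels are assigned by the system; no user-facing call changes them.
CLEARANCE = {"alice": "secret", "bob": "confidential"}
CLASSIFICATION = {"plan.doc": "secret"}

def mac_can_read(user, obj):
    """Allow a read only if the user's clearance dominates the object's label."""
    return LEVELS[CLEARANCE[user]] >= LEVELS[CLASSIFICATION[obj]]

# RBAC: a central table maps roles to permissions; users only hold roles.
ROLE_PERMS = {
    "payroll_clerk": {("payroll.db", "read"), ("payroll.db", "write")},
    "auditor": {("payroll.db", "read")},
}
USER_ROLES = {"alice": {"payroll_clerk"}, "bob": {"auditor"}}

def rbac_allowed(user, obj, right):
    """Allow if any role held by the user carries the (object, right) pair."""
    return any((obj, right) in ROLE_PERMS.get(role, set())
               for role in USER_ROLES.get(user, set()))

if __name__ == "__main__":
    report = DacFile(owner="alice")
    report.grant("alice", "bob", "read")        # owner's discretion
    print("DAC  bob read:", report.allowed("bob", "read"))
    print("MAC  bob read plan.doc:", mac_can_read("bob", "plan.doc"))
    print("RBAC bob write payroll.db:", rbac_allowed("bob", "payroll.db", "write"))
```

In the DAC case bob gains access the moment the owner grants it, while in the MAC and RBAC cases nothing bob or the data owner does changes the outcome; only the system labels or the central role table do.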
