HOME

TheInfoList



Click Here for Items Related To - Discretionary access control
OR:
Discretionary access control on:   [Wikipedia]   [Google]   [Amazon]

In
computer security Computer security (also cybersecurity, digital security, or information technology (IT) security) is a subdiscipline within the field of information security. It consists of the protection of computer software, systems and computer network, n ...
, discretionary access control (DAC) is a type of
access control In physical security and information security, access control (AC) is the action of deciding whether a subject should be granted or denied access to an object (for example, a place or a resource). The act of ''accessing'' may mean consuming ...
defined by the Trusted Computer System Evaluation Criteria (TCSEC) as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control). Discretionary access control is commonly discussed in contrast to mandatory access control (MAC). Occasionally, a system as a whole is said to have "discretionary" or "purely discretionary" access control when that system lacks mandatory access control. On the other hand, systems can implement both MAC and DAC simultaneously, where DAC refers to one category of access controls that subjects can transfer among each other, and MAC refers to a second category of access controls that imposes constraints upon the first.


Implementation

The meaning of the term in practice is not as clear-cut as the definition given in the TCSEC standard, because the TCSEC definition of DAC does not impose any implementation. There are at least two implementations: with owner (as a widespread example) and with capabilities.http://fedoraproject.org/wiki/Features/RemoveSETUID – Fedora 15 set to remove SETUID in favor of (Linux kernel) capabilities


With owner

The term DAC is commonly used in contexts that assume that every object has an ''owner'' that controls the permissions to access the object, probably because many systems do implement DAC using the concept of an owner. But the TCSEC definition does not say anything about owners, so technically an access control system doesn't have to have a concept of ownership to meet the TCSEC definition of DAC. Users (owners) have under this DAC implementation the ability to make policy decisions and/or assign security attributes. A straightforward example is the Unix file mode which represent write, read, and execute in each of the 3 bits for each of User, Group and Others. (It is prepended by another bit that indicates additional characteristics).


With capabilities

As another example, capability systems are sometimes described as providing discretionary controls because they permit subjects to transfer their access to other subjects, even though capability-based security is fundamentally not about restricting access "based on the identity of subjects". In general, capability systems do not allow permissions to be passed "to any other subject"; the subject wanting to pass its permissions must first have access to the receiving subject, and subjects generally only have access to a strictly limited set of subjects consistent with the
principle of least privilege In information security, computer science, and other fields, the principle of least privilege (PoLP), also known as the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in a particular abstraction l ...
.


See also


References


Citations


Sources

* P. A. Loscocco, S. D. Smalley, P. A. Muckelbauer, R. C. Taylor, S. J. Turner, and J. F. Farrell.
The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments
'. In Proceedings of the 21st National Information Systems Security Conference, pp. 303–14, Oct. 1998
PDF version
{{refend Computer access control Computer security models Access control