What is mandatory access control? In computer security, mandatory access control (MAC) is a type of access control defined by the Trusted Computer System Evaluation Criteria. With MAC, the operating system (OS) or database constrains the ability of a subject or initiator to access, or generally perform some sort of operation on, an object or target. In the case of an OS, a subject is usually a process or thread, and objects are constructs like files, directories, shared memory segments, ports (TCP or UDP), and input/output (I/O) devices.

Subjects and objects each have a set of security attributes. Whenever a subject tries to access an object, an authorization rule enforced by the system kernel checks those security attributes and determines whether to allow the access. Any operation by any subject on any object is tested against the set of authorization rules (the policy) to decide whether the operation can take place.

Mandatory access control can also apply to a database's access control mechanism. In a database, however, the objects are tables, views, procedures, and so on.

Traditionally, mandatory access control has been closely associated with multilevel security (MLS) and specialized military systems. In that setting, MAC implies a high degree of rigor to meet the restrictions of MLS systems. However, mandatory access control has moved out of the MLS niche and become more mainstream. Recent MAC implementations like SELinux and AppArmor for Linux and Mandatory Integrity Control for Windows allow administrators to focus on problems such as malware and cyberattacks without the rigor or constraints of MLS.

Discretionary Access Control Definition

What is discretionary access control? In computer security, discretionary access control (DAC) refers to a kind of access control that restricts access to objects. It is based on the identity of subjects, the groups to which they belong, or both. The controls are discretionary in the sense that a subject with a certain access permission can pass that permission, maybe indirectly, on to any other subject unless restricted by mandatory access control.

Usually, discretionary access control is discussed in contrast to mandatory access control. Informally, a system as a whole is described as having “purely discretionary” or “discretionary” access control as a way of expressing that the system lacks MAC.
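
The following is an added example, not part of the original page: a toy reference monitor that shows a discretionary permission being passed from subject to subject, and the same requests being tested against a mandatory rule over security attributes. The names, the three labels and the "no read up, no write down" rule are assumptions chosen for illustration; real MAC systems such as SELinux use much richer policies.

```python
from dataclasses import dataclass, field

# Assumption: ordered sensitivity labels with a "no read up, no write down" rule.
LEVELS = {"public": 0, "internal": 1, "secret": 2}

@dataclass
class Subject:
    name: str
    clearance: str  # security attribute set by the administrator, not the user

@dataclass
class Obj:
    name: str
    owner: str
    label: str  # security attribute set by the administrator, not the owner
    acl: dict = field(default_factory=dict)  # DAC: subject name -> set of operations

def dac_allows(subj, obj, op):
    return subj.name == obj.owner or op in obj.acl.get(subj.name, set())

def grant(granter, obj, grantee, op):
    """DAC: a subject that holds a permission may pass it on to any other subject."""
    if not dac_allows(granter, obj, op):
        raise PermissionError(f"{granter.name} holds no {op!r} permission to pass on")
    obj.acl.setdefault(grantee.name, set()).add(op)

def mac_allows(subj, obj, op):
    """MAC: rule over the security attributes; subjects cannot alter it."""
    s, o = LEVELS[subj.clearance], LEVELS[obj.label]
    return s >= o if op == "read" else s <= o

def access(subj, obj, op, mac_enabled=True):
    """Every operation is tested; with MAC on, both checks must pass."""
    if not dac_allows(subj, obj, op):
        return False
    return mac_allows(subj, obj, op) if mac_enabled else True

def demo():
    alice, bob, carol = Subject("alice", "secret"), Subject("bob", "internal"), Subject("carol", "public")
    report = Obj("report.txt", owner="alice", label="secret")  # constructed sample
    grant(alice, report, bob, "read")   # owner shares the file
    grant(bob, report, carol, "read")   # bob passes the permission on (indirect)
    who = (alice, bob, carol)
    return {"dac_only": [access(s, report, "read", mac_enabled=False) for s in who],
            "with_mac": [access(s, report, "read") for s in who]}

if __name__ == "__main__":
    print(demo())
```

With only the discretionary check, all three subjects can read the file once the permission has been passed along; with the mandatory check enabled, only the subject whose clearance dominates the object's label can.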