Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
Discretionary access control
open-in-new
<h2 id="implementation">Implementation</h2> <p>The meaning of the term in practice is not as clear-cut as the definition given in the TCSEC standard, because the TCSEC definition of DAC does not impose any implementation. There are at least two implementations: with owner (as a widespread example) and with capabilities.<a class="footnote-ref" id="fnref:2" href="#fn:2"><sup>2</sup></a> </p> <h3>With owner</h3> <p>The term DAC is commonly used in contexts that assume that every object has an <i>owner</i> that controls the permissions to access the object, probably because many systems do implement DAC using the concept of an owner. But the TCSEC definition does not say anything about owners, so technically an access control system doesn't have to have a concept of ownership to meet the TCSEC definition of DAC. </p><p>Users (owners) have under this DAC implementation the ability to make policy decisions and/or assign security attributes. A straightforward example is the <a href="/facts/Filesystem_permissions/DHq5SwI4">Unix file mode</a> which represent write, read, and execute in each of the 3 bits for each of User, Group and Others. (It is prepended by another bit that indicates additional characteristics). </p> <h3>With capabilities</h3> <p>As another example, <a href="/facts/Capability-based_security/negzSwhS">capability systems</a> are sometimes described as providing discretionary controls because they permit subjects to transfer their access to other subjects, even though capability-based security is fundamentally not about restricting access "based on the identity of subjects". In general, capability systems do not allow permissions to be passed "to any other subject"; the subject wanting to pass its permissions must first have access to the receiving subject, and subjects generally only have access to a strictly limited set of subjects consistent with the <a href="/facts/Principle_of_least_privilege/sqsT4tln">principle of least privilege</a>. </p> <h2 id="see-also">See also</h2> <ul><li><a href="/facts/Access_control_list/t38J9Vao">Access control list</a></li> <li><a href="/facts/Attribute-based_access_control/G0e147WX">Attribute-based access control</a> (ABAC)</li> <li><a href="/facts/Context-based_access_control/44MjFtB1">Context-based access control</a> (CBAC)</li> <li><a href="/facts/Graph-based_access_control/XFE4khqN">Graph-based access control</a> (GBAC)</li> <li><a href="/facts/Lattice-based_access_control/YokQf0Jw">Lattice-based access control</a> (LBAC)</li> <li><a href="/facts/Mandatory_access_control/yvtGFacq">Mandatory access control</a> (MAC)</li> <li><a href="/facts/Organisation-based_access_control/5tMMd2FH">Organisation-based access control</a> (OrBAC)</li> <li><a href="/facts/Role-based_access_control/dPN1ohBE">Role-based access control</a> (RBAC)</li> <li><a href="/facts/RSBAC/v80DmzH2">Rule-set-based access control (RSBAC)</a></li> <li><a href="/facts/Capability-based_security/negzSwhS">Capability-based security</a></li> <li><a href="/facts/Risk-based_authentication/FWM2b8eV">Risk-based authentication</a></li> <li><a href="/facts/XACML/oWm4wa7C">XACML</a> (eXtensible Access Control Markup Language)</li></ul> <h3>Citations</h3> <h3>Sources</h3> <ul><li>P. A. Loscocco, S. D. Smalley, P. A. Muckelbauer, R. C. Taylor, S. J. Turner, and J. F. Farrell. <i><a href="https://web.archive.org/web/20070621155813/http://jya.com/paperF1.htm">The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments</a></i>. In Proceedings of the 21st National Information Systems Security Conference, pp. 303–14, Oct. 1998. <a href="http://csrc.nist.gov/nissc/1998/proceedings/paperF1.pdf">PDF version</a>.</li></ul> <h2 id="references">References</h2> <ol> <li id="fn:1"><p>Trusted Computer System Evaluation Criteria. United States Department of Defense. December 1985. DoD Standard 5200.28-STD. Archived from the original on 2006-05-27. <a href="https://web.archive.org/web/20060527214348/http://www.radium.ncsc.mil/tpep/library/rainbow/5200.28-STD.html" target="_blank">https://web.archive.org/web/20060527214348/http://www.radium.ncsc.mil/tpep/library/rainbow/5200.28-STD.html</a> <a href="#fnref:1" class="footnote-back-ref">↩</a></p></li> <li id="fn:2"><p>http://fedoraproject.org/wiki/Features/RemoveSETUID – Fedora 15 set to remove SETUID in favor of (Linux kernel) capabilities <a href="https://fedoraproject.org/wiki/Features/RemoveSETUID" target="_blank">https://fedoraproject.org/wiki/Features/RemoveSETUID</a> <a href="#fnref:2" class="footnote-back-ref">↩</a></p></li> </ol>