Discretionary Access Control

Discretionary Access Control (DAC) is a security policy for IT systems in which the decision whether to allow access to a resource is made solely on the basis of the identity of the actor. That is, the access rights to (data) objects are assigned per user, and the owner of an object decides at his or her own discretion who may access it. A weakening of this concept is the use of user roles and groups instead of individual identities (see Role Based Access Control).

Discretionary Access Control is the counterpart of Mandatory Access Control, in which access decisions are made on the basis of general, system-wide rules and additional information about the actor and the object (for example security labels) rather than at the discretion of the owner.

Management

Formally, a system with Discretionary Access Control can be described as a relation between subjects, objects and access rights, (S, O, R) → {yes, no}. This corresponds to an access matrix with |S| × |O| entries (one entry per subject-object pair), in which each entry is the set of rights the subject holds on the object, i.e. r(s, o) ⊆ R.

A special feature is that subjects can pass rights they hold on to other subjects (the owner of a file, for example, can grant another user read access to it), whereas under mandatory access control only a central administrative authority may grant rights.

Subjects in this context are actors, for example users, processes or programs. Objects are data or resources (such as files, printers, etc.) on which a subject can perform operations. Note that a subject can at the same time be an object: an administrator (subject), for example, has the right to delete a user (an object in this context). Conversely, an object can become a subject, for example when a program is "started", i.e. a process is created from a file.

One way of representing the access rights that takes this into account is a graph with directed, labelled edges: each node in the graph corresponds to a subject or object, and each edge to a "has right" relationship.
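The following Python program is an added example for this article and is not code from any operating system. It implements the access matrix of the formal model above, with the discretionary feature that a subject may pass on rights it holds, and shows the graph view as a list of labelled edges. The subjects, objects and rights ("alice", "report.txt", "delete", ...) are constructed names chosen for the illustration; the rule that a grantor must itself hold the right it passes on is this example's assumption (Unix, for instance, lets only the owner change a file's mode).

```python
"""Added example, not code from the article or any operating system: the
access matrix of the formal DAC model, with delegation of rights.
Subjects, objects and rights ('alice', 'report.txt', ...) are constructed."""

from collections import defaultdict

# The set R of rights in this toy system.  'own' is itself a right, so
# ownership can be delegated like any other right.
RIGHTS = frozenset({"read", "write", "execute", "delete", "own"})


class AccessMatrix:
    """matrix[(subject, object)] is the set of rights r(s, o); a missing
    entry means the empty set, i.e. the decision (s, o, right) -> no."""

    def __init__(self):
        self.matrix = defaultdict(set)

    def check(self, subject, obj, right):
        """The decision function (S, O, R) -> {yes, no}."""
        return right in self.matrix.get((subject, obj), ())

    def create(self, creator, obj):
        """The creator of an object receives every right to it."""
        self.matrix[(creator, obj)] |= RIGHTS

    def grant(self, grantor, grantee, obj, right):
        """Discretionary delegation (assumption of this example): a subject
        may only pass on a right it holds itself."""
        if right not in RIGHTS:
            raise ValueError(f"unknown right {right!r}")
        if not self.check(grantor, obj, right):
            raise PermissionError(f"{grantor} does not hold {right} on {obj}")
        self.matrix[(grantee, obj)].add(right)

    def revoke(self, revoker, subject, obj, right):
        """Only an owner may revoke.  Rights the subject has already passed
        on to third parties are NOT revoked with it: this is the classic
        way rights leak beyond the owner's control under DAC."""
        if not self.check(revoker, obj, "own"):
            raise PermissionError(f"{revoker} does not own {obj}")
        self.matrix[(subject, obj)].discard(right)

    def edges(self):
        """Graph view: one directed edge subject -> object labelled with a
        right, as in the representation described in the text."""
        return sorted((s, o, r) for (s, o), rs in self.matrix.items() for r in rs)


def demo():
    """Constructed scenario: delegation, the leak on revocation, and a
    subject (the user 'bob') that is at the same time an object."""
    m = AccessMatrix()
    m.create("alice", "report.txt")
    m.grant("alice", "bob", "report.txt", "read")
    m.grant("bob", "carol", "report.txt", "read")       # bob passes on his right
    try:
        m.grant("bob", "carol", "report.txt", "write")  # bob never held write
        bob_leaked_write = True
    except PermissionError:
        bob_leaked_write = False
    m.revoke("alice", "bob", "report.txt", "read")      # carol keeps her copy
    # Subjects can be objects: the administrator holds a right over user bob.
    m.matrix[("admin", "bob")].add("delete")
    return {
        "bob_read_after_revoke": m.check("bob", "report.txt", "read"),
        "carol_read_after_revoke": m.check("carol", "report.txt", "read"),
        "bob_leaked_write": bob_leaked_write,
        "admin_delete_bob": m.check("admin", "bob", "delete"),
        "edges": m.edges(),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running the demo shows the point worth remembering about DAC: after alice revokes bob's read right, carol, to whom bob had passed it on, still holds it. The owner controls whom she grants to directly, but not the onward flow of rights.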

On Windows, rights are assigned through a discretionary access control list (DACL) attached to each securable object and managed by the object's owner (or an administrator). The entries in this list are called ACEs (Access Control Entries). Audit settings are controlled separately via the SACL (System Access Control List), whose entries specify which access attempts on the object are to be recorded as audit events. On Unix, the same role is played by the owner/group/other permission bits of a file, optionally supplemented by POSIX ACLs.
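The following Python functions are an added example, not code from either operating system, showing how the two mechanisms named above decide a request. unix_check() evaluates classic owner/group/other permission bits; dacl_check() walks an ordered list of ACEs in the way a Windows DACL is evaluated, including the two cases a practitioner most often gets wrong: a NULL DACL (no protection at all) versus an empty DACL (no access for anyone), and a deny ACE that is ineffective because an allow ACE precedes it. All users, groups and objects are constructed sample data; the rights constants READ, WRITE, EXEC and DELETE are this example's own, not the Windows access-mask values.

```python
"""Added example (not OS code): how Unix mode bits and a Windows-style DACL
decide an access request.  All principals and objects are constructed."""

from dataclasses import dataclass


# --- Unix: owner/group/other bits -----------------------------------------
def unix_check(uid, gids, st_uid, st_gid, st_mode, want):
    """want is a string over 'r', 'w', 'x'.  Exactly one class of bits
    applies: owner if uid matches, else group if the file's group is among
    the caller's groups, else other.  The classes are never combined, so a
    mode such as 0o077 denies the owner while allowing everybody else.
    (Real kernels additionally let root / CAP_DAC_OVERRIDE bypass the bits.)"""
    if uid == st_uid:
        bits = (st_mode >> 6) & 0o7
    elif st_gid in gids:
        bits = (st_mode >> 3) & 0o7
    else:
        bits = st_mode & 0o7
    need = 0
    if "r" in want:
        need |= 4
    if "w" in want:
        need |= 2
    if "x" in want:
        need |= 1
    return bits & need == need


# --- Windows-style DACL: ordered ACEs -------------------------------------
READ, WRITE, EXEC, DELETE = 1, 2, 4, 8   # example mask bits, not real values


@dataclass
class ACE:
    kind: str      # "allow" or "deny"
    trustee: str   # user or group the entry applies to
    mask: int      # rights covered by this entry


def dacl_check(principal, groups, dacl, want):
    """dacl is None (NULL DACL: everyone gets everything), [] (empty DACL:
    nobody gets anything) or an ordered list of ACEs.  ACEs are walked in
    order: a matching deny ACE covering any still-outstanding wanted right
    denies; matching allow ACEs accumulate rights until everything wanted
    has been granted.  Order therefore matters: deny ACEs are only
    guaranteed to win if they come first (canonical order)."""
    if dacl is None:
        return True
    trustees = {principal, *groups}
    granted = 0
    for ace in dacl:
        if ace.trustee not in trustees:
            continue
        remaining = want & ~granted
        if ace.kind == "deny" and ace.mask & remaining:
            return False
        if ace.kind == "allow":
            granted |= ace.mask & want
        if granted == want:
            return True
    return want == 0


if __name__ == "__main__":
    print("owner rw on 0640:", unix_check(1000, {1000}, 1000, 1000, 0o640, "rw"))
    print("owner r on 0077:", unix_check(1000, {1000}, 1000, 1000, 0o077, "r"))
    canonical = [ACE("deny", "bob", READ), ACE("allow", "Users", READ | WRITE)]
    misordered = [ACE("allow", "Users", READ | WRITE), ACE("deny", "bob", READ)]
    print("bob read, canonical:", dacl_check("bob", {"Users"}, canonical, READ))
    print("bob read, misordered:", dacl_check("bob", {"Users"}, misordered, READ))
```

The misordered list is the case to check for when auditing ACLs created by hand or by tooling: the explicit deny for bob is present but never consulted, because the allow for his group satisfies the request first.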

Disadvantages

It may be necessary to grant users extended access rights for certain restricted operations. An example is a user changing his or her own password on Unix: the file holding the password data may not be written by ordinary users, yet every user must be able to update his or her own entry.

To allow such operations, the corresponding program on Unix is marked with the so-called SUID flag (set-user-ID bit), so that the program runs under the user ID of the owner of the program file rather than that of the user who started it. Frequently the owner is the root user, who has access to all resources on a Unix system.

This creates the risk that an unauthorized person, by exploiting a vulnerability in such a program, gains full control of the system: every SUID root program is part of the system's attack surface.
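The first step in assessing this risk on a given system is to inventory the set-user-ID and set-group-ID files. The following Python script is an added example written for this article, not a tool from any Unix distribution: find_setid() lists such files below a directory and risky() flags the combination that is always a defect, an SUID root file that is also group- or world-writable. The demo builds a constructed sample tree in a temporary directory (the file names "passwd-like", "wall-like" and "plain" are made up), since the real SUID programs differ between installations; setting the bits on one's own files requires no privilege and makes nothing exploitable.

```python
"""Added example, not a system tool: inventory of SUID/SGID files below a
directory.  The sample tree built by make_sample_tree() is constructed."""

import os
import stat
import tempfile


def find_setid(root):
    """Return a sorted list of (path, owner_uid, mode) for regular files
    below root with the SUID or SGID bit set.  Symlinks are not followed
    and unreadable directories are skipped instead of aborting the scan."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda err: None):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                hits.append((path, st.st_uid, stat.S_IMODE(st.st_mode)))
    return sorted(hits)


def describe(mode):
    """Short label for the set-id bits present in a mode."""
    flags = []
    if mode & stat.S_ISUID:
        flags.append("suid")
    if mode & stat.S_ISGID:
        flags.append("sgid")
    return "+".join(flags)


def risky(entries):
    """SUID files owned by root (uid 0) that are group- or world-writable:
    anyone who can write such a file can have his code run as root."""
    return [e for e in entries
            if e[1] == 0
            and e[2] & stat.S_ISUID
            and e[2] & (stat.S_IWGRP | stat.S_IWOTH)]


def make_sample_tree():
    """Constructed sample: one SUID file, one SGID file, one plain file,
    all owned by the calling user (so none of them is privileged)."""
    d = tempfile.mkdtemp(prefix="suid-demo-")
    for name, mode in (("passwd-like", 0o4755), ("wall-like", 0o2755), ("plain", 0o755)):
        path = os.path.join(d, name)
        with open(path, "w") as f:
            f.write("#!/bin/sh\necho hello\n")
        os.chmod(path, mode)
    return d


def demo():
    """Scan the constructed tree; suid_kept records whether the filesystem
    actually retained the bit, since some mounts silently drop it."""
    d = make_sample_tree()
    kept = bool(os.stat(os.path.join(d, "passwd-like")).st_mode & stat.S_ISUID)
    found = {os.path.basename(p): describe(m) for p, _, m in find_setid(d)}
    return {"dir": d, "suid_kept": kept, "found": found}


if __name__ == "__main__":
    result = demo()
    for path, uid, mode in find_setid(result["dir"]):
        print(f"{oct(mode)} uid={uid} {describe(mode):9} {path}")
    print("risky:", risky(find_setid(result["dir"])))
```

Pointed at a real root directory the scan takes a while and needs read access to the directories of interest; the entries it returns for files owned by uid 0 are the programs whose vulnerabilities would give an attacker root, and hence the list to keep as short as possible.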

Therefore, extensions based on a different security concept have been developed for particular operating systems such as Linux or FreeBSD (mandatory access control frameworks such as SELinux and AppArmor on Linux and the TrustedBSD MAC framework on FreeBSD). With these extensions, access decisions are no longer made solely on the basis of the user ID under which a Unix program is executed, so that exploiting a vulnerability in a single privileged program no longer gives an attacker complete control of the system by itself.
