Mandatory Access Control

In computer security, Discretionary Access Control (DAC) is a type of access control in which a user has complete control over all the programs it owns and executes, and also determines the permissions other users have on those files and programs. Because DAC requires permissions to be assigned to those who need access, DAC is commonly described as a "need-to-know" access model. In computer security, discretionary access control (DAC) is a type of access control defined by the Trusted Computer System Evaluation Criteria[1] "as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission…
Early hardware-based enforcement implementations of MAC such as Honeywell's SCOMP, USAF SACDIN, NSA Blacker, and Boeing's MLS LAN focused on MLS to protect military-oriented security classification levels with robust enforcement. Originally, the term MAC denoted that the access controls were not only guaranteed in principle, but in fact. Early security strategies[2] enabled enforcement guarantees that were dependable in the face of national-lab-level attacks. More recently, with the departure from strict hardware-based enforcement, the expectations attached to the term "mandatory" have become more relaxed, migrating from mandating near absolute enforcement to acceptance of "best effort" enforcement. While software-based enforcement is more flexible, security technology has not yet produced a software-based enforcement strategy that can enforce a policy with near certainty. This is because it has been much more difficult to be certain about what a software-based system will never do than about what a hardware-based system will never do. With software-oriented implementations such as SELinux (incorporated into