
Access Control Models

Now that we have reviewed the cornerstone access control concepts, we can discuss the different access control models. The primary models are Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role-Based Access Control (RBAC), along with the more recently defined approaches, Attribute-Based Access Control (ABAC) and Risk-Based Access Control.

Do not think of one model as better than another. Instead, keep in mind that each model serves a specific information security purpose. For example, a weather website that requires immediate data updates but can tolerate small errors in the data (weather data is notoriously unreliable) would use a different integrity model from a top secret database holding nuclear launch codes, where it is VERY important that the data be both reliable AND kept highly confidential.

Discretionary Access Controls (DAC)

Discretionary Access Control (DAC) gives subjects full control of objects they have created or been given access to, including the ability to share those objects with other subjects. Subjects are empowered and control their data. Standard UNIX and Windows operating systems use DAC for their file systems (through mode bits and POSIX ACLs on UNIX, and the DACL of a file's security descriptor on Windows): the owner of a file can grant other subjects access to it, change its attributes, alter it, or delete it, and the system enforces no rule beyond the owner's own choices.

If a subject makes a mistake, such as attaching the wrong file to an email sent to a public mailing list, a loss of confidentiality can result, and the access control system will not stop it: the sharing decision belonged to the subject. Mistakes and malicious acts can also lead to a loss of integrity or availability of data.
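A toy DAC reference monitor makes the point concrete. This is an added example, not code from the book: it models the owner-decides rule that UNIX and Windows file systems follow, and the principals (alice, bob, carol, mallory), the object name and the permission set are constructed for the illustration.

```python
"""Toy discretionary access control (DAC) reference monitor.

Added illustration, not code from the book: it models the UNIX/Windows-style
rule that whoever owns an object decides who else may access it. The
principals (alice, bob, carol, mallory), the object name and the permission
set are constructed for the example.
"""
from dataclasses import dataclass, field

READ, WRITE, DELETE, GRANT = "read", "write", "delete", "grant"
ALL_PERMS = frozenset({READ, WRITE, DELETE, GRANT})
EVERYONE = "*"  # wildcard principal, like the 'other' bits of a UNIX mode


class AccessDenied(PermissionError):
    """Raised when the monitor refuses a request."""


@dataclass
class DacObject:
    name: str
    owner: str
    # ACL maps principal -> set of permissions; the owner starts with all of them.
    acl: dict = field(init=False)

    def __post_init__(self) -> None:
        self.acl = {self.owner: set(ALL_PERMS)}

    def permitted(self, subject: str, perm: str) -> bool:
        """True if subject holds perm directly or via the EVERYONE entry."""
        return perm in self.acl.get(subject, set()) or perm in self.acl.get(EVERYONE, set())

    def check(self, subject: str, perm: str) -> None:
        if not self.permitted(subject, perm):
            raise AccessDenied(f"{subject} lacks {perm} on {self.name}")

    def grant(self, grantor: str, grantee: str, perms: set) -> None:
        """Discretionary sharing: any holder of GRANT (the owner by default) may
        extend access to any principal, including EVERYONE. The monitor never
        asks how sensitive the object is; that judgement is left to the subject."""
        self.check(grantor, GRANT)
        self.acl.setdefault(grantee, set()).update(perms)

    def revoke(self, grantor: str, grantee: str) -> None:
        self.check(grantor, GRANT)
        self.acl.pop(grantee, None)


def scenario() -> dict:
    """Walk through owner-controlled sharing and the classic DAC failure mode."""
    report = DacObject("q3-payroll.xlsx", owner="alice")
    results = {"bob_before": report.permitted("bob", READ)}

    report.grant("alice", "bob", {READ})           # alice shares read-only with bob
    results["bob_after"] = report.permitted("bob", READ)
    results["bob_can_write"] = report.permitted("bob", WRITE)

    try:                                            # bob was not given GRANT, so he cannot re-share
        report.grant("bob", "carol", {READ})
        results["bob_reshare"] = True
    except AccessDenied:
        results["bob_reshare"] = False

    # The owner's one mistake (the 'wrong mailing list' case): DAC permits it,
    # and now any principal, including mallory, can read the file.
    report.grant("alice", EVERYONE, {READ})
    results["mallory_after_leak"] = report.permitted("mallory", READ)

    report.revoke("alice", EVERYONE)                # cleanup is also at the owner's discretion
    results["mallory_after_revoke"] = report.permitted("mallory", READ)
    return results


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key:>20}: {value}")
```

Note that nothing in `grant` looks at the object: the monitor cannot tell a harmless share from a leak, because under DAC that distinction is the owner's responsibility.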

Mandatory Access Controls (MAC)

Mandatory Access Control (MAC) is system-enforced access control based on a subject's clearance and an object's label. Subjects and objects have clearances and labels, respectively, such as confidential, secret, and top secret. A subject may read an object only if the subject's clearance is equal to or greater than the object's label ("no read up"), and may write to an object only if the object's label is equal to or greater than the subject's clearance ("no write down", such as copying data from top secret into a secret object). Subjects cannot share objects with other subjects who lack the proper clearance, because clearances and labels are assigned by the system rather than by the owner of the data. MAC systems are usually focused on preserving the confidentiality of data.
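The same kind of toy monitor, rewritten for MAC, shows what changes: there is no grant operation at all, and every read and write is checked against system-assigned labels. This is an added example in the Bell-LaPadula style, not code from the book. It goes slightly beyond the text by giving labels a set of categories (need-to-know compartments) in addition to a level, which is how Bell-LaPadula lattices are normally defined; the levels, categories, subjects and objects are constructed for the illustration.

```python
"""Toy mandatory access control (MAC) reference monitor, Bell-LaPadula style.

Added illustration, not code from the book. It enforces 'no read up' (a
subject may read an object only if its clearance dominates the object's
label) and 'no write down' (a subject may write only to objects whose label
dominates its clearance). Labels carry categories as well as a level, which
goes slightly beyond the text. Levels, categories, subjects and objects are
constructed for the example.
"""
from dataclasses import dataclass

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


class MacDenied(PermissionError):
    """Raised when the monitor refuses a request; no subject can override it."""


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self >= other in the lattice: higher-or-equal level AND a superset of categories."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.categories <= self.categories)


class MacMonitor:
    """Clearances and labels are set by the system (a security officer), never
    by the subject. There is deliberately no grant/share method: that absence
    is what makes the control mandatory rather than discretionary."""

    def __init__(self) -> None:
        self.clearances = {}   # subject name -> Label
        self.labels = {}       # object name  -> Label
        self.contents = {}     # object name  -> str

    def add_subject(self, name: str, clearance: Label) -> None:
        self.clearances[name] = clearance

    def add_object(self, name: str, label: Label, content: str = "") -> None:
        self.labels[name] = label
        self.contents[name] = content

    def can_read(self, subject: str, obj: str) -> bool:
        # Simple security property: no read up.
        return self.clearances[subject].dominates(self.labels[obj])

    def can_write(self, subject: str, obj: str) -> bool:
        # *-property: no write down. Writing UP is allowed, so a lower-cleared
        # subject may append to a higher object without being able to read it.
        return self.labels[obj].dominates(self.clearances[subject])

    def read(self, subject: str, obj: str) -> str:
        if not self.can_read(subject, obj):
            raise MacDenied(f"{subject} may not read {obj}")
        return self.contents[obj]

    def write(self, subject: str, obj: str, data: str) -> None:
        if not self.can_write(subject, obj):
            raise MacDenied(f"{subject} may not write to {obj}")
        self.contents[obj] += data


def scenario() -> dict:
    """Constructed subjects/objects: a TS//NUKE general, a TS director without
    the NUKE category, and a secret-cleared analyst."""
    m = MacMonitor()
    ts_nuke = Label("top secret", frozenset({"NUKE"}))
    m.add_subject("general", ts_nuke)
    m.add_subject("director", Label("top secret"))
    m.add_subject("analyst", Label("secret"))
    m.add_object("launch_codes", ts_nuke, "codes...")
    m.add_object("daily_brief", Label("secret"), "brief...")

    r = {}
    r["analyst_reads_ts"] = m.can_read("analyst", "launch_codes")     # read up: denied
    r["director_reads_nuke"] = m.can_read("director", "launch_codes")  # missing category: denied
    r["general_reads_ts"] = m.can_read("general", "launch_codes")
    r["general_reads_secret"] = m.can_read("general", "daily_brief")   # read down is fine

    # The cleared general tries to copy what was read into a lower object: write down, denied.
    secret_data = m.read("general", "launch_codes")
    try:
        m.write("general", "daily_brief", secret_data)
        r["write_down"] = True
    except MacDenied:
        r["write_down"] = False
    r["leaked"] = secret_data in m.contents["daily_brief"]
    r["analyst_writes_up"] = m.can_write("analyst", "launch_codes")    # blind write up: allowed
    return r


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key:>22}: {value}")
```

The "write up" result is the part people find surprising: the *-property stops a top secret subject from leaking downward, but it lets a secret-cleared subject append to a top secret object it cannot read, which is why real systems pair Bell-LaPadula with an integrity model.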

Mandatory Access Control is expensive and difficult to implement, especially when attempting to separate differing confidentiality levels (security domains) within the same interconnected IT system. Clearing users is an expensive process; see the “Clearance” section in Chapter 3, Domain 2: Asset Security, for more information. Specific MAC models, such as Bell-LaPadula, are discussed in Chapter 4, Domain 3: Security Architecture and Engineering.