Tue Jul 18

Discretionary Access Control: What It Is And How It Works

Discretionary access control (DAC) is a kind of [access control policy](https://www.binaryte.com/blog/access-control-what-it-is-how-it-works-and-how-to-implement-it) in which the owner of a resource decides who may access it. Access is restricted based on the identity of the requesting user or the groups they belong to, and the defining property is that a user who holds a permission can pass it on, directly or indirectly, to other users at their own discretion. DAC is one of the most widely used access control models in computer security because it gives users a convenient way to manage their own data without involving an administrator.

Some examples of DAC systems are:

  • File systems that allow users to set read, write, and execute permissions for their files and directories.
  • Database systems that allow users to create tables, views, and procedures and grant privileges to other users or roles.
  • Web applications that allow users to share their content with specific friends or followers.

DAC is often compared with another kind of access control policy called [mandatory access control (MAC)](https://www.binaryte.com/blog/what-is-mandatory-access-control-and-how-does-it-work), which enforces strict rules based on predefined security labels or classifications. MAC is usually implemented by system administrators or security officers who have the authority to define and enforce the security policy for the whole system. MAC is often used in high-security environments, such as military or government systems, where data confidentiality and integrity are essential.

Discretionary Access Control vs Mandatory Access Control

DAC and MAC have different advantages and disadvantages depending on the context and requirements of the system. Here are some of them:

Flexibility

DAC is more flexible than MAC, as it allows users to customize their access rights according to their needs and preferences. Users can easily share or restrict their data with other users without having to depend on a central authority or a fixed policy. MAC is less flexible than DAC, as it imposes rigid rules that cannot be changed by individual users. Users have to follow the predefined security policy regardless of their personal or situational needs.

Simplicity

DAC is simpler than MAC, as it does not require complex mechanisms or structures to implement. Users only need to know the identity or group membership of other users to give or take away permissions. MAC is more complex than DAC, as it requires sophisticated mechanisms or structures to implement, such as security labels, clearance levels, domains, compartments, etc. Users need to understand the security policy and its implications to comply with it.

Scalability

DAC is less scalable than MAC, as it becomes hard to manage when a system has many users and resources. Each owner maintains separate permissions on each object, which leads to inconsistency, redundancy and conflicts, and owners lose track of who has access to what, which undermines accountability and auditability. MAC is more scalable than DAC, as one centrally defined policy governs every object: labels and clearances are assigned once and the same rules apply everywhere, which keeps the policy consistent and makes it straightforward to determine who can access what.

Security

DAC is less secure than MAC, as it relies on the judgement and competence of individual users to protect their data. Owners may grant excessive or inappropriate permissions, intentionally or by mistake, and they may be tricked or coerced into doing so by attackers or insiders. More fundamentally, in a DAC system every program a user runs acts with that user's full discretionary rights, so a Trojan horse (a malicious program the user is lured into running) can read whatever the user can read and copy it somewhere the attacker can reach, without the user ever touching a permission. MAC closes that gap by design: neither the user nor a program running on their behalf can relabel data or grant access outside the policy, so a compromised account or a Trojan horse cannot leak data by changing permissions. MAC does not make a system immune to attack; the trusted components that enforce labels can still have bugs, and information can still leak through covert channels, but the policy itself cannot be overridden by an ordinary user.

How Discretionary Access Control Works

There are at least two ways to implement DAC in a system: with owner and with capabilities.

With owner

One way to implement DAC is to use the concept of an owner, who is a user who has the power to control the access rights of an object. The owner can decide who can access the object and what kind of operations they can perform on it. The owner can also delegate their power to other users or groups by granting them permissions or privileges.

A common example of a DAC system with an owner is the Unix file mode, which represents the access rights for files and directories in a Unix-like operating system. The mode is written as three octal digits, one each for the user (owner), the group, and others (world), and each digit packs the read (4), write (2) and execute (1) bits for that class. For example, a mode of 755 means the owner has read, write and execute permissions (4+2+1 = 7), while the group and everyone else have read and execute permissions (4+1 = 5). The scheme is discretionary because the file's owner can change the mode at any time with chmod; the superuser is the one exception, since it bypasses the mode bits altogether.
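The mode-bit check described above, as an added Python model (this is example code written for this article, not part of it or of any Unix implementation). It makes visible a rule the octal notation hides: the kernel picks one class for the caller, in the order owner, then group, then other, and consults only that class's bits, so an owner whose own bits are empty is refused even when the group bits would allow the access. The uid 0 branch models the Linux CAP_DAC_OVERRIDE rule; file owner, group and caller identities are constructed for the demo.

```python
# Added example: a model of the Unix mode-bit check. Not the kernel's code.
_SHIFT = {"owner": 6, "group": 3, "other": 0}   # bit offsets inside the 9-bit mode
_BIT = {"r": 4, "w": 2, "x": 1}


def access_class(owner_uid, owner_gid, uid, gids):
    """Pick the single permission class that applies to the caller (owner wins)."""
    if uid == owner_uid:
        return "owner"
    if owner_gid in gids:
        return "group"
    return "other"


def unix_allows(mode, owner_uid, owner_gid, uid, gids, op):
    """Return True if the caller may perform op ('r', 'w' or 'x') on the file.

    uid 0 models Linux CAP_DAC_OVERRIDE: read and write checks are bypassed,
    and execute is allowed if at least one execute bit is set in any class.
    """
    if op not in _BIT:
        raise ValueError(f"unknown operation {op!r}")
    if uid == 0:
        return op != "x" or (mode & 0o111) != 0
    cls = access_class(owner_uid, owner_gid, uid, gids)
    bits = (mode >> _SHIFT[cls]) & 0o7       # only this class's three bits count
    return (bits & _BIT[op]) != 0


def symbolic(mode):
    """Render the nine permission bits the way `ls -l` does, e.g. 0o755 -> 'rwxr-xr-x'."""
    out = []
    for cls in ("owner", "group", "other"):
        bits = (mode >> _SHIFT[cls]) & 0o7
        out.append("".join(ch if bits & _BIT[ch] else "-" for ch in "rwx"))
    return "".join(out)


if __name__ == "__main__":
    # Constructed file: owned by uid 1000 / gid 1000, mode 755 as in the article.
    print(symbolic(0o755), unix_allows(0o755, 1000, 1000, 1001, {1000}, "w"))  # rwxr-xr-x False
    # Owner-class exclusivity: mode 075 gives the owner nothing and the group everything.
    print(unix_allows(0o075, 1000, 1000, 1000, {1000}, "r"))  # False: the owner bits decide
    print(unix_allows(0o075, 1000, 1000, 1001, {1000}, "r"))  # True: a plain group member
```

The 075 case is worth trying on a real system (`chmod 075 file` as the owner, then `cat file`): the owner is locked out of their own file until they chmod it back, which they can always do because changing the mode is an owner right, not a mode bit.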

With capabilities

Another way to implement DAC is to use the concept of capabilities, which are tokens that grant access rights to an object. A capability is a data structure that contains an identifier of an object and a set of operations that can be performed on it. A user who holds a capability can access the object and perform the authorized operations on it, and can delegate by sending or copying the capability to another user. For this to be safe, capabilities must be unforgeable: a user must not be able to manufacture one or edit the rights it carries, so the system either keeps them in kernel-protected storage or protects them cryptographically. A well-designed capability system also lets the holder pass on a weaker copy, for example read-only, rather than all of their rights.

An example of a capability-based security system is the KeyKOS operating system, which was developed in the 1980s. KeyKOS used capabilities as the main means of accessing and manipulating objects in the system, such as files, processes, devices, etc. Each capability was represented by a 64-bit key that was stored in a key register or a key memory. A user could invoke a capability by using a special instruction that specified the key register or the key memory address. A user could also create, copy, delete, or transfer capabilities using other instructions.
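A user-space model of the capability mechanism described in this section, added here as example code (it is not from the article and not how KeyKOS works internally). KeyKOS keeps keys in kernel-protected slots so that user code never sees their bits; this model instead has the reference monitor sign each token with a secret, the "sparse capability" approach, because that is easy to show in one file. The secret, object name and rights are constructed for the demo. It shows the two properties the paragraph only states: a copied token still works, an edited token does not, and delegation can only shrink rights.

```python
# Added example: capabilities as unforgeable, attenuable tokens. Not KeyKOS code.
import hmac
import hashlib
from dataclasses import dataclass

# Assumed: a secret held only by the reference monitor. Constructed for the demo.
_MONITOR_SECRET = b"constructed-demo-secret-not-for-real-use"


@dataclass(frozen=True)
class Capability:
    object_id: str        # which object the token names
    rights: frozenset     # operations it authorises, e.g. {"read", "write"}
    tag: bytes            # MAC over (object_id, rights); this makes the token unforgeable


def _tag(object_id, rights):
    msg = object_id.encode() + b"\x00" + ",".join(sorted(rights)).encode()
    return hmac.new(_MONITOR_SECRET, msg, hashlib.sha256).digest()


def mint(object_id, rights):
    """Only the reference monitor mints; holders can only copy or attenuate."""
    rights = frozenset(rights)
    return Capability(object_id, rights, _tag(object_id, rights))


def is_valid(cap):
    """A token whose fields were edited no longer matches its tag."""
    return hmac.compare_digest(cap.tag, _tag(cap.object_id, cap.rights))


def attenuate(cap, keep):
    """Derive a weaker capability to hand to someone else (delegation with fewer rights)."""
    keep = frozenset(keep)
    if not is_valid(cap):
        raise PermissionError("forged or corrupted capability")
    if not keep <= cap.rights:
        raise PermissionError("cannot add rights the holder does not have")
    return mint(cap.object_id, keep)


def invoke(cap, op):
    """The monitor's check at use time: the token is valid and op is among its rights."""
    if not is_valid(cap):
        raise PermissionError("forged or corrupted capability")
    if op not in cap.rights:
        raise PermissionError(f"{op} not authorised by this capability")
    return f"{op} on {cap.object_id}"


def permitted(cap, op):
    """Boolean wrapper around invoke for callers that only want yes or no."""
    try:
        invoke(cap, op)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    alice_cap = mint("file:42", {"read", "write"})
    bob_cap = attenuate(alice_cap, {"read"})     # Alice delegates a read-only copy
    print(permitted(bob_cap, "read"), permitted(bob_cap, "write"))   # True False
    forged = Capability(bob_cap.object_id, frozenset({"read", "write"}), bob_cap.tag)
    print(is_valid(forged))                      # False: the tag no longer matches
```

Because rights are bound into the tag, Bob cannot upgrade his read-only token to read-write, and `attenuate` refuses to do it for him; the only way to obtain more rights is to be given a token that already carries them.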

Challenges and Limitations of Discretionary Access Control

Despite its popularity and usefulness, DAC also faces some challenges and limitations that may affect its performance and security. Some of them are:

Policy enforcement

DAC may not be able to enforce a consistent and coherent policy across the system, as different users may have different preferences and behaviors regarding their access rights. For example, some users may be more generous or careless than others in giving permissions to other users, which may create conflicts or loopholes in the policy. Some users may also change their permissions frequently or arbitrarily, which may cause confusion or inconsistency in the policy.

Information flow

DAC may not be able to prevent unauthorized information flow within or outside the system, because it controls who may open an object, not what happens to the information afterwards. Anyone who can read a file, and any program running with that user's rights, can copy its contents into a new file and set whatever permissions they like on the copy. For example, a user who has access to classified information may share it with another user who does not have the proper clearance, either intentionally or by accident, and a user who has been granted access to a sensitive resource may pass that grant on to someone who misuses it.
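The leak described in the Security and Information flow sections, as an added Python model (example code written for this article, not from it). Subjects, objects, labels and file contents are constructed; the two-level lattice and the use of a subject's clearance as its operating level are simplifying assumptions. Under DAC alone, a program running as the owner copies a secret file into a scratch file the owner had shared for another reason, and the recipient reads it; adding Bell-LaPadula labels (read at or below your level, write at or above it) leaves the DAC permissions untouched but refuses the write that carries the data down.

```python
# Added example: a Trojan horse leak under DAC, and the same attempt with MAC labels added.
from dataclasses import dataclass, field

LEVELS = {"public": 0, "secret": 1}   # assumed two-level lattice


@dataclass
class Subject:
    uid: int
    clearance: str          # also used as the subject's operating level (simplification)


@dataclass
class Obj:
    name: str
    owner: int
    label: str              # assigned by the administrator; no user-facing way to change it
    data: str = ""
    acl: dict = field(default_factory=dict)   # uid -> set of ops granted by the owner


def grant(actor, obj, uid, ops):
    """DAC: the owner, and only the owner, hands out permissions."""
    if actor.uid != obj.owner:
        raise PermissionError("only the owner may change the ACL")
    obj.acl.setdefault(uid, set()).update(ops)


def dac_allows(subj, obj, op):
    return subj.uid == obj.owner or op in obj.acl.get(subj.uid, set())


def mac_allows(subj, obj, op):
    """Bell-LaPadula: read only at or below your level, write only at or above it."""
    s, o = LEVELS[subj.clearance], LEVELS[obj.label]
    return s >= o if op == "read" else o >= s


def dac_only(subj, obj, op):
    return dac_allows(subj, obj, op)


def dac_plus_mac(subj, obj, op):
    return dac_allows(subj, obj, op) and mac_allows(subj, obj, op)


def copy(subj, src, dst, policy):
    """What `cp src dst` does when run as subj: read src and write dst, or refuse."""
    if not (policy(subj, src, "read") and policy(subj, dst, "write")):
        return False
    dst.data = src.data
    return True


def trojan_horse_leak(policy):
    """Return True if mallory ends up reading alice's secret under the given policy."""
    alice = Subject(1000, "secret")
    mallory = Subject(1001, "public")
    plan = Obj("/home/alice/plan.txt", owner=1000, label="secret", data="launch at dawn")
    scratch = Obj("/tmp/notes.txt", owner=1000, label="public")
    grant(alice, scratch, mallory.uid, {"read"})   # alice meant to share notes, not the plan
    # A program alice runs (say a "backup" tool mallory wrote) copies with alice's rights.
    copy(alice, plan, scratch, policy)
    return policy(mallory, scratch, "read") and scratch.data == plan.data


if __name__ == "__main__":
    print("DAC only leaks:", trojan_horse_leak(dac_only))        # True
    print("DAC + MAC leaks:", trojan_horse_leak(dac_plus_mac))   # False
```

Note that in the labelled version nothing about the ACLs changed and Mallory can still read the scratch file; what the policy refused was the write of secret data into a public object, which is exactly the step DAC has no way to see.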

User accountability

DAC may not be able to ensure user accountability for access decisions, because responsibility is spread across every owner in the system. An audit log can show that an owner granted a permission or that a file was read, but it cannot show whether the grant was deliberate, whether the owner understood its consequences, or which of several holders of a permission passed it on further. A user who caused damage through a careless grant can plausibly claim they did not realise what they had allowed, and a user who misused a permission or capability obtained second-hand may be hard to trace back to the original grant.

Conclusion

Discretionary access control is a kind of access control policy that gives users the freedom to decide who can access their data and resources based on their identity or group membership. DAC is widely used in computer security systems because it offers flexibility and simplicity for users to manage their own data. However, DAC also has some drawbacks, such as difficulty in enforcing consistent policies, risk of unauthorized information flow, and vulnerability to malicious or careless users.

Choosing or designing a DAC system requires careful consideration of the context and requirements of the system, as well as the trade-offs between flexibility and security. Users should also be aware of their responsibilities and obligations when using a DAC system, as they have a significant impact on the performance and security of the system.