Access control is one of the most important cybersecurity practices. Careful adjustment of users’ access rights helps to secure sensitive data and reduces the chance of a successful attack. Show
However, choosing an access control model relevant to your organization can be tricky. In one of our previous posts, we reviewed role-based and attribute-based access control models. This article discusses use cases for mandatory and discretionary access control models. We also compare two approaches — discretionary vs mandatory access control (DAC vs MAC) — to help you choose one over the other. Finally, we provide implementation tips.
Why is access control important?
Access control regulates which users, applications, and devices can view, edit, add, and delete resources in an organization’s environment. Controlling access is one of the key practices to protect sensitive data from theft, misuse, abuse, and other threats. There are two levels of access control: physical and logical.
Access control helps mitigate both insider and outsider threats. That’s why IT regulations, laws, and standards — NIST, HIPAA, PCI DSS, and others — enforce strict physical and logical access control measures. In this article, we discuss models of logical access control.
There are several logical access control models, including mandatory, discretionary, role-based, and attribute-based. The process of choosing and deploying one of these models looks different for each organization. The choice of model depends on:
Let’s find out when to use mandatory and discretionary access control models.
Learn more about using Ekran System forPrivileged Access Management What is mandatory access control?
Mandatory access control (MAC) is a model of access control where the operating system provides users with access based on data confidentiality and user clearance levels. In this model, access is granted on a need to know basis: users have to prove a need for information before gaining access.
MAC is also called a non-discretionary control model, which means that control isn’t gained at the discretion of the user or file owner. MAC implements zero-trust principles with its control mechanisms.
MAC is considered the most secure of all access control models. Access rules in this model are manually defined by system administrators and strictly enforced by the operating system or security kernel. Regular users can’t alter security attributes even for data they’ve created.
What are the basic principles of MAC?
1. The utmost privacy and confidentiality of the organization’s resources are paramount. No one has default privileges to access or edit someone’s data. 2. Access provisioning is centrally administered. 3. Each individual and resource in the system has security labels with their classification and category.
With MAC, the process of gaining access looks like this:
In addition to checking confidentiality and clearance levels (classification matches between subject and object), operating systems pay attention to category matches between subject and object. Having a “top secret” classification doesn’t automatically provide a user with full access to a file if they aren’t a member of the required category for the object.
For example, let’s consider data that has the “top secret” confidentiality level and “engineering project” security label. It’s available to a set of users that have both “top secret” clearance (classification) and authorization to access engineering documents (category). Such users can also access information that requires a lower level of clearance. But employees with lower levels of clearance or no rights to access engineering documents can’t access such information.
MAC brings lots of benefits to a cybersecurity system. But it has several disadvantages to consider. Let’s observe the disadvantages and advantages of mandatory access control.
Pros and cons of MACPros
Cons
When to use MAC
This access control model is mostly used by government organizations, militaries, and law enforcement institutions. MAC is used by the US government to secure classified information and to support multilevel security policies and applications. For better data protection and compliance in the insurance industry and the banking sphere, organizations use MAC to control access to customer account data. This non-discretionary access control model can also protect access to a database, where procedures, tables, views, and other elements will be the objects.
It’s reasonable to use MAC in organizations that value data security more than operational flexibility and costs. Implementing MAC in a private organization is rare because of the complexity and inflexibility of such a system.
A pure MAC model provides a high and granular level of security. On the other hand, it’s difficult to set up and maintain. That’s why it’s common to combine MAC with other access control models.
For example, combining it with the role-based model speeds up the configuration of user profiles. Instead of defining access rights for each user, an administrator can create user roles. Each organization has users with similar roles and access rights: employees with the same job position, third-party vendors, etc. An administrator can configure roles for these groups instead of configuring individual user profiles from scratch.
Another popular combination is MAC and the discretionary access control model, or DAC. MAC can be used to secure sensitive data, while DAC allows coworkers to share information within a corporate file system.
Read also: Key Features of an Insider Threat Protection Program for the Military What is discretionary access control?
Discretionary access control is an identity-based access control model that provides users with a certain amount of control over their data. Data owners (document creators or any users authorized to control data) can define access permissions for specific users or groups of users. In other words, whom to give access to and what privileges to grant are decided at the resource owner’s discretion.
Access permissions for each piece of data are stored in an access control list (ACL). An administrator creates this list when a user grants access to somebody. The list can be generated automatically. An ACL includes users and groups that may access data and the levels of access they have. A system administrator can also enforce an ACL. In this case, the ACL acts as a security policy, and regular users can’t edit or overrule it.
What are the basic principles of DAC?
1. Object characteristics (size, name, directory path) are invisible to users that aren’t authorized. 2. Several failed access attempts enforce additional multi-factor authentication or deny access. 3. Users can transfer their object ownership to other users. Also, the owner determines the access type of other users. Based on these access privileges, the operating system decides whether to grant access to a file.
Gaining access to a file in the DAC model works like this:
Discretionary access control is quite a popular model because it allows a lot of freedom for users and doesn’t cause administrative overhead. However, it has several considerable limitations.
Pros and cons of DACPros
Cons
When to use DAC
DAC shouldn’t be used by organizations that work with extremely sensitive data (medical, financial, military, etc.) for several reasons:
At the same time, DAC is a good choice for small businesses with limited IT staff and cybersecurity budgets. It allows for sharing information and ensures the smooth operation of the business. This approach, when applied in an organization with 10 to 20 employees, lacks the complexity and oversight challenges associated with the use of DAC in organizations with hundreds or thousands of employees.
MAC vs DAC Comparison
Let’s review the key characteristics of these two models — mandatory access control vs discretionary access control — and see what the differences are between MAC and DAC. CharacteristicMACDACAccess control enforced by Administrators and operating system Administrators and users Form of access control policyConfidentiality levels and clearances Access-control lists with user identities FlexibilityScalabilitySimplicityMaintenanceHard Easy Implementation costHigh Low GranularityHigh (admins adjust clearances for each user and object manually) High (users can assign access rights for any other user or group) Easy to useSecurity levelHigh Low Useful forGovernment, military, law enforcement Small and medium-sized companies Trusted usersOnly administrators All users Baseline for gaining access decisionsTasks and objects that have their own IDs Ownership and users IDs
This DAC vs MAC comparison shows that they’re very different access control models, suitable for different kinds of organizations. DAC works well for organizations that require flexibility and user-friendly workflows. On the other hand, MAC is more suitable for organizations that work with highly sensitive data.
Read also: SSH Key Management Implement robust and flexible access management with Ekran System
There are many organizations that require elements of both discretionary access control and mandatory access control models. The flexibility, scalability, and simplicity of DAC are important for creating a simple and uninterrupted workflow. At the same time, organizations might need the high level of security and granularity offered by the MAC model.
Are these characteristics crucial for your organization? Ekran System’s access management functionality can help you get the best of MAC and DAC with an all-in-one platform. We offer a wide range of access control possibilities:
Conclusion
Comparing MAC and DAC, we see that they’re two opposite models of access control. MAC is controlled by administrators and requires lots of time and effort to maintain, but it provides a high level of security. DAC is much easier to implement and maintain, as users can manage access to the data they own. However, DAC isn’t good enough for protecting sensitive records.
With Ekran System, you can combine the benefits of both of these access control models. Additionally, Ekran can enforce a Which method of access control allows the owner of a resource to decide who has access to that resource?Discretionary access control (DAC).
This is an access control method in which owners or administrators of the protected system, data or resource set the policies defining who or what is authorized to access the resource.
Which type of access control model is based on the which of the owner?1. The Mandatory Access Control, or MAC, model gives only the owner and custodian management of the access controls.
Which access control model leaves it to the owner of a resource to determine who will be granted or denied access?Mandatory Access Control (MAC)
The Mandatory Access Control (MAC) model gives only the owner and custodian management of the access controls. This means the end-user has no control over any settings that provide any privileges to anyone.
What are the 4 types of access control?Currently, there are four primary types of access control models: mandatory access control (MAC), role-based access control (RBAC), discretionary access control (DAC), and rule-based access control (RBAC).
|