I. Describe the differences between the discretionary access control model and the mandatory access control model.
II. File permissions in Linux can also be represented as digits from 0-7 for the owner, group and others, with read as the most significant bit (e.g., the value 6 represents the permission right rw- for a file). Suppose a file in Linux has its permission set to the digits 764.
• What does this permission right indicate for the owner/user, group and others?
• What is the letter representation of this permission right?
Mandatory Access Control (MAC) and Discretionary Access Control (DAC) are two popular access control models that give users access to the data they require in a multi-user environment.
Differences:
1. In MAC, resource allocation to the user is done by the operating system (system administrator), while in DAC each user has access to their own data.
2. In MAC, the administrator creates the access levels, which are provided to each user specifically, and users can access resources within their access level, while DAC maintains a list of users who can access a particular resource.
3. In MAC, only administrators have the right to alter permission levels and to provide resource allocation to all the users, while in DAC, the users who can access the data of a particular resource can provide the resource to other users by including them in the list.
4. When dealing with a large number of users, MAC makes it easier to maintain and establish access because we need a single level for each resource and each user. In DAC, we need the identity of each user who needs access to the resource data.
5. In MAC, we cannot give access to a particular resource directly because we need to give the user an access level, which gives him/her access to all the resources in that access level, while in DAC, we just need to add the user to the list of that resource, which provides flexibility.
6. In MAC, it is easier to keep track of the users who have access to the resources, as only the administrator has the right to change them, while in DAC, it is problematic to track usage of the resource, as all the users have the right to add other users.
7. In DAC, we need to perform more work compared to MAC.
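For part II of the question, the following added example (not part of the original answer) decodes the digits 764 into letters and then applies the class-selection rule Linux uses for its discretionary permission check. The function names, UIDs and GIDs are constructed for illustration; root's override and POSIX ACLs are deliberately left out.

```python
import stat

def digits_to_letters(mode_digits: str) -> str:
    """Convert three octal digits (e.g. "764") to the rwx letter form."""
    if len(mode_digits) != 3 or any(c not in "01234567" for c in mode_digits):
        raise ValueError(f"expected three octal digits, got {mode_digits!r}")
    out = []
    for digit in mode_digits:                  # order: owner, group, others
        bits = int(digit)
        out.append("r" if bits & 4 else "-")   # read is the most significant bit
        out.append("w" if bits & 2 else "-")
        out.append("x" if bits & 1 else "-")
    return "".join(out)

def dac_allows(mode_digits, file_uid, file_gid, uid, gids, want):
    """Decide access the way the classic Linux mode-bit check does.

    Exactly one class is selected (owner first, then group, then others)
    and only that class's bits are consulted. Assumption: no root
    override and no ACLs, which a real kernel would also evaluate.
    """
    if not want or any(c not in "rwx" for c in want):
        raise ValueError("want must be a non-empty string over 'rwx'")
    letters = digits_to_letters(mode_digits)
    if uid == file_uid:
        triplet = letters[0:3]
    elif file_gid in gids:
        triplet = letters[3:6]
    else:
        triplet = letters[6:9]
    return all(c in triplet for c in want)

if __name__ == "__main__":
    print(digits_to_letters("764"))
    # Cross-check against the standard library's own rendering of a regular file.
    print(stat.filemode(stat.S_IFREG | 0o764))
    # Constructed identities: file owned by uid 1000, group 100.
    for label, uid, gids in [("owner", 1000, {100}),
                             ("group member", 1001, {100}),
                             ("other", 1002, {200})]:
        granted = [p for p in "rwx" if dac_allows("764", 1000, 100, uid, gids, p)]
        print(f"{label:13} may: {''.join(granted) or 'nothing'}")
```

Because only one class is consulted, an owner with digit 0 is denied even when the group or others digits grant more, which is worth checking when auditing unusual modes.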