Discretionary Access Control
DAC; Identity-based access control
Discretionary access control (DAC) provides for owner-controlled administration of access rights to objects. DAC, as the name implies, permits the granting and revocation of access permissions to be left to the discretion of the individual users. A DAC mechanism allows users to grant or revoke access to any of the objects under their control.
Trusted Computer System Evaluation Criteria (TCSEC) published by the US Department of Defense, commonly known as the Orange Book, defined two important access control modes for information systems: discretionary access control (DAC) and mandatory access control (MAC). As the name implies, DAC allows the creators or owners of files to assign access rights. Also, a user (or subject) with discretionary access to information can pass that information on to another user (or subject). DAC has its genesis in the academic and research setting from which time-sharing systems...
- 1.Amazon. Amazon simple storage service (S3). 2011.Google Scholar
- 2.Amazon. Amazon web services: risk and compliance (2012), http://media.amazonwebservices.com/.
- 3.Bertino E, Samarati P, Jajodia S. Authorizations in relational database management systems. In: Proceedings of the 1st ACM Conference on Computer and Communication Security; 1993. p. 130–9.Google Scholar
- 4.Bishop M. Computer security: art and science. Boston: Addison Wesley Professional; 2003.Google Scholar
- 8.Ferraiolo DF, Gilbert DM, Lynch N. An examination of federal and commercial access control policy needs. In: Proceedings of the NIST-NCSC National Computer Security Conference; 1993. p. 107–16.Google Scholar
- 9.Graham GS, Denning PJ. Protection: principles and practice. In: Proceedings of the AFIPS Spring Joint Computer Conference; 1972. p. 417–29.Google Scholar