Saturday, March 21, 2009

82. Access control techniques

Access control techniques are sometimes categorized as either discretionary or non-discretionary. The three most widely recognized models are Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role Based Access Control (RBAC). MAC and RBAC are both non-discretionary.



Discretionary access control

Discretionary access control (DAC) is an access policy determined by the owner of an object. The owner decides who is allowed to access the object and what privileges they have.

Two important concepts in DAC are:

File and data ownership: Every object in the system has an owner. In most DAC systems, each object's initial owner is the subject that caused it to be created. The access policy for an object is determined by its owner.


Access rights and permissions: These are the controls that an owner can assign to other subjects for specific resources. Access controls may be discretionary in ACL-based or capability-based access control systems. (In capability-based systems, there is usually no explicit concept of 'owner', but the creator of an object has a similar degree of control over its access policy.)

Something you know, such as a password or a personal identification number (PIN). This assumes that only the owner of the account knows the password or PIN needed to access the account.

Something you have, such as a smart card or security token. This assumes that only the owner of the account has the necessary smart card or token needed to unlock the account.

Something you are, such as fingerprint, voice, retina, or iris characteristics.

Where you are, for example inside or outside a company firewall, or proximity of login location to a personal GPS device.
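The two DAC concepts described above (the creator becomes the owner, and the owner alone assigns rights to other subjects) can be seen in a small ACL-based model. This is an added example, not code from the original post; the class, the subject names and the rule that the owner implicitly holds every right are assumptions made for illustration.

```python
"""Minimal ACL-based DAC model (constructed example, not from the post)."""


class AccessDenied(Exception):
    pass


class DacObject:
    def __init__(self, name, creator):
        self.name = name
        self.owner = creator  # initial owner is the subject that created it
        self.acl = {}         # subject -> set of rights granted by the owner

    def _require_owner(self, actor):
        if actor != self.owner:
            raise AccessDenied(f"{actor} is not the owner of {self.name}")

    def grant(self, actor, subject, *rights):
        self._require_owner(actor)  # only the owner edits the policy
        self.acl.setdefault(subject, set()).update(rights)

    def revoke(self, actor, subject, *rights):
        self._require_owner(actor)
        self.acl.get(subject, set()).difference_update(rights)

    def check(self, subject, right):
        # Assumption: owner holds all rights; everyone else is default-deny.
        return subject == self.owner or right in self.acl.get(subject, set())


def demo():
    # Constructed subjects and object name.
    report = DacObject("q1-report.txt", creator="alice")
    report.grant("alice", "bob", "read")
    results = {
        "bob_read": report.check("bob", "read"),
        "bob_write": report.check("bob", "write"),
        "carol_read": report.check("carol", "read"),
    }
    try:
        report.grant("bob", "carol", "read")  # bob can read but is not owner
        results["bob_can_delegate"] = True
    except AccessDenied:
        results["bob_can_delegate"] = False
    report.revoke("alice", "bob", "read")
    results["bob_read_after_revoke"] = report.check("bob", "read")
    return results


if __name__ == "__main__":
    print(demo())
```

Holding a right on the object does not let bob change its policy; in this model that privilege stays with the owner, which is the defining property of DAC as the post describes it.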
