Discretionary Access Control (DAC) – Complete Guide for SSCP Exam
What is Discretionary Access Control (DAC)?
Discretionary Access Control (DAC) is an access control model in which the owner of a resource (such as a file, folder, or object) determines who can access that resource and what level of access (read, write, execute, etc.) they are granted. The term "discretionary" reflects the fact that access decisions are left to the discretion of the resource owner rather than being enforced by a centralized authority or system policy.
DAC is the default access control model in mainstream operating systems: Windows (NTFS permissions), Linux/Unix (file permission bits and POSIX ACLs), and macOS. In these systems, when a user creates a file, they become its owner and can grant or revoke permissions for other users or groups as they see fit. Note that these systems can also layer a mandatory mechanism on top of DAC (SELinux or AppArmor on Linux, Mandatory Integrity Control on Windows); a grant made by the owner never overrides such a mandatory check.
Why is DAC Important?
Understanding DAC is critical for several reasons:
1. Ubiquity: DAC is the default access control model in most commercial operating systems and applications. Security professionals encounter it constantly in real-world environments.
2. Flexibility: DAC provides a high degree of flexibility because owners can tailor permissions to meet their specific needs. This makes it suitable for collaborative environments where users need to share resources freely.
3. User Empowerment: DAC empowers users to manage access to their own resources, reducing the administrative burden on system administrators.
4. Known Weaknesses: DAC has well-documented security limitations. Because users control access, there is a risk of excessive permission granting, unauthorized data sharing, and vulnerability to Trojan horse attacks (where malicious software inherits the permissions of the user who runs it). Understanding these weaknesses is essential for implementing compensating controls.
5. Exam Relevance: DAC is a foundational topic in the SSCP exam under the Access Controls domain. You must understand how it differs from other models like MAC, RBAC, and Rule-Based Access Control.
How Does DAC Work?
DAC operates based on the following core principles:
1. Ownership: Every object (file, directory, resource) has an owner, typically the user who created it. The owner has full control over the object's permissions.
2. Access Control Lists (ACLs): DAC is most commonly implemented through ACLs. An ACL is a list attached to an object that specifies which subjects (users, groups, or processes) can access the object and what operations they can perform. Each entry in the ACL is called an Access Control Entry (ACE).
3. Identity-Based Decisions: Access decisions under DAC are based on the identity of the subject making the request, in practice the effective user and group identity of the running process. The system compares that identity with the entries in the ACL to decide whether to grant or deny access; it has no way of knowing whether the process is doing what the user actually intended.
4. Permission Propagation: Owners can grant other users the ability to further share or delegate access to the resource. This is sometimes referred to as granting the right to grant rights. This cascading delegation is both a feature and a risk of DAC.
5. No Centralized Policy Enforcement: Unlike Mandatory Access Control (MAC), DAC does not enforce a system-wide security policy based on labels or classifications. Security decisions are decentralized and left to individual resource owners.
Example:
In a Linux system, a user named Alice creates a file called report.txt and becomes its owner. The traditional permission bits set by chmod only distinguish the owner, the owning group, and everyone else, so to give the "Finance" group read/write access she can change the file's group with chgrp (provided she is a member of that group) and run chmod g+rw. To single out Bob she needs an extended ACL: setfacl -m u:bob:r,g:finance:rw report.txt grants Bob read and Finance read/write in one step. If Alice later decides to remove Bob's access, she can do so at her discretion with setfacl -x u:bob report.txt. Neither command involves an administrator; the only check the system performs is that the caller owns the file.
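To make the "identity against the ACL" step concrete, the following Python is an added worked example (not part of the original guide, and a simulation rather than the kernel's own code). It parses the text format printed by getfacl and reproduces the POSIX.1e evaluation order that Linux applies: owner first, then a named user, then the owning group together with any named group, then other, with the ACL mask capping everything except the owner and other entries. The getfacl output, and the users alice, bob, carol, dave and the group finance, are constructed for the example; real names are resolved to numeric uid/gid, which is omitted here for readability.

```python
"""POSIX.1e ACL evaluation for one object, as used by Linux file permission checks
(added worked example; principal names stand in for numeric uid/gid)."""
from dataclasses import dataclass, field
from typing import Optional

# permission bits, same encoding as mode bits and getfacl/setfacl output
R, W, X = 4, 2, 1


@dataclass
class Acl:
    owner: str = ""
    group: str = ""
    user_obj: int = 0                              # user::   owner's bits
    group_obj: int = 0                             # group::  owning group
    other: int = 0                                 # other::
    users: dict = field(default_factory=dict)      # user:<name>:  named users
    groups: dict = field(default_factory=dict)     # group:<name>: named groups
    mask: Optional[int] = None                     # mask::   caps all but owner/other


def parse_bits(s: str) -> int:
    """'rw-' -> 6, 'r-x' -> 5, '---' -> 0"""
    return (R if s[0] == "r" else 0) | (W if s[1] == "w" else 0) | (X if s[2] == "x" else 0)


def parse_getfacl(text: str) -> Acl:
    """Parse the text printed by getfacl(1) into an Acl."""
    acl = Acl()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):                 # header lines such as "# owner: alice"
            key, _, value = line[1:].partition(":")
            if key.strip() == "owner":
                acl.owner = value.strip()
            elif key.strip() == "group":
                acl.group = value.strip()
            continue
        line = line.split("#", 1)[0].strip()     # drop a trailing "#effective:r--" note
        tag, qualifier, perms = line.split(":")
        bits = parse_bits(perms)
        if tag == "user":
            if qualifier:
                acl.users[qualifier] = bits
            else:
                acl.user_obj = bits
        elif tag == "group":
            if qualifier:
                acl.groups[qualifier] = bits
            else:
                acl.group_obj = bits
        elif tag == "mask":
            acl.mask = bits
        elif tag == "other":
            acl.other = bits
    return acl


def check_access(acl: Acl, user: str, groups: set, requested: int) -> bool:
    """POSIX.1e access check. The first matching class decides: an owner or named-user
    entry that lacks a requested bit denies outright and does not fall through to the
    group or other entries; among matching group entries any one may grant.
    root's CAP_DAC_OVERRIDE bypass is not modelled."""
    mask = acl.mask if acl.mask is not None else (R | W | X)
    if user == acl.owner:
        return requested & acl.user_obj == requested
    if user in acl.users:
        return requested & acl.users[user] & mask == requested
    candidates = [acl.group_obj] if acl.group in groups else []
    candidates += [bits for g, bits in acl.groups.items() if g in groups]
    if candidates:
        return any(requested & bits & mask == requested for bits in candidates)
    return requested & acl.other == requested


# Constructed getfacl output for report.txt after
#   setfacl -m u:bob:r,g:finance:rw report.txt
# (setfacl recomputes mask:: as the union of the named and group:: entries)
GETFACL_REPORT = """\
# file: report.txt
# owner: alice
# group: alice
user::rw-
user:bob:r--
group::---
group:finance:rw-
mask::rw-
other::---
"""

# Constructed output for the same file after "chmod g-w report.txt": with an extended
# ACL present, chmod's group bits rewrite mask::, so finance keeps rw- on paper but
# its effective permission drops to r--
GETFACL_AFTER_CHMOD = """\
# file: report.txt
# owner: alice
# group: alice
user::rw-
user:bob:r--
group::---
group:finance:rw-               #effective:r--
mask::r--
other::---
"""
```

Running check_access(parse_getfacl(GETFACL_REPORT), "bob", {"bob"}, R | W) returns False while the same call with R alone returns True, which is exactly what Bob would see trying to open the file for writing. The second constructed listing shows the trap the mask creates: after a plain chmod g-w, a member of finance loses write even though the group:finance entry still reads rw-.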
DAC vs. Other Access Control Models
DAC vs. MAC (Mandatory Access Control):
- In MAC, a central authority (usually the system or security administrator) assigns security labels to subjects and objects. Users cannot change the access permissions — the system enforces them based on classification levels (e.g., Top Secret, Secret, Confidential).
- In DAC, the resource owner decides who gets access. This makes DAC more flexible but less secure for environments handling highly sensitive data.
DAC vs. RBAC (Role-Based Access Control):
- RBAC grants access based on roles assigned to users within an organization (e.g., Manager, Analyst, Administrator). Permissions are assigned to roles, not to individual users.
- DAC grants access based on the identity of the user and the discretion of the owner.
DAC vs. Rule-Based Access Control:
- Rule-Based Access Control uses predefined rules (such as time-of-day restrictions, IP address filtering, or firewall rules) to control access. These rules apply uniformly to all users.
- DAC is identity-based and owner-driven, not rule-driven.
Key Vulnerabilities of DAC
1. Trojan Horse Attacks: This is the most significant and frequently tested weakness of DAC. A program runs with the identity, and therefore the permissions, of the user who executes it, and the access control mechanism cannot tell the program's requests apart from the user's own. If any user (not only a privileged one) unknowingly runs malicious software, that software can read, copy, or modify every resource the user can access, and because the user owns their own files it can also rewrite their ACLs to grant access to an unauthorized party. Only a policy the owner cannot change, such as a mandatory label check, stops the leak.
2. Excessive Permissions: Users may grant overly broad access to resources, either through carelessness or convenience, leading to unauthorized data exposure.
3. Lack of Centralized Control: Because owners manage their own permissions, it is difficult for security administrators to enforce a consistent, organization-wide security policy.
4. Permission Creep: Over time, users may accumulate permissions that exceed their actual needs, increasing the attack surface.
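The ownership and delegation principles above and the Trojan horse weakness are two sides of the same mechanism, so one added example covers both. The Python below is a toy reference monitor written for this guide (not code from any real operating system): the owner of an object has full control over its ACL, a non-owner may pass on a right only if it holds that right together with the "right to grant rights", and a constructed Trojan horse run by alice uses her identity to open every file she owns to mallory. A second monitor layers a mandatory no-read-up label check on top and shows why the leak stops there. All subjects, objects, labels and clearances are constructed for the example.

```python
"""Toy DAC reference monitor: owner-controlled ACLs, delegation ("right to grant rights")
and a Trojan horse that abuses the invoking user's identity. Added example for this guide;
every subject, object, label and clearance below is constructed."""
from dataclasses import dataclass, field

READ, WRITE, GRANT = "read", "write", "grant"   # GRANT = may pass on rights one holds


@dataclass
class Obj:
    owner: str
    label: int = 0                                  # classification, used by LabeledMonitor only
    acl: dict = field(default_factory=dict)         # subject -> set of rights (the ACEs)


class DacMonitor:
    """Pure DAC: the owner has full control and may edit the ACL; a non-owner gets exactly
    the rights listed for it and may delegate a right only if it holds that right and GRANT."""

    def __init__(self):
        self.objects = {}
        self.log = []                               # (subject, object, right, decision)

    def create(self, subject, name, label=0):
        self.objects[name] = Obj(owner=subject, label=label)

    def rights(self, subject, name):
        obj = self.objects[name]
        if subject == obj.owner:
            return {READ, WRITE, GRANT}             # owner is never limited by its own ACL
        return obj.acl.get(subject, set())

    def access(self, subject, name, right):
        ok = right in self.rights(subject, name)
        self.log.append((subject, name, right, ok))
        return ok

    def grant(self, subject, name, grantee, right):
        held = self.rights(subject, name)
        if subject == self.objects[name].owner or (GRANT in held and right in held):
            self.objects[name].acl.setdefault(grantee, set()).add(right)
            return True
        return False

    def revoke(self, subject, name, grantee, right):
        if subject != self.objects[name].owner:
            return False
        self.objects[name].acl.get(grantee, set()).discard(right)
        return True


class LabeledMonitor(DacMonitor):
    """Same DAC rules plus a mandatory no-read-up check: a subject whose clearance is below
    the object's label is denied whatever the ACL says, and the owner cannot change that."""

    def __init__(self, clearances):
        super().__init__()
        self.clearances = clearances

    def access(self, subject, name, right):
        if self.clearances.get(subject, 0) < self.objects[name].label:
            self.log.append((subject, name, right, False))
            return False
        return super().access(subject, name, right)


def trojan_horse(monitor, invoking_user, attacker="mallory"):
    """Constructed malicious 'utility'. Every call it makes carries the identity of the
    user who launched it, so the monitor sees an owner editing her own ACLs and cannot
    distinguish this from a legitimate share. Returns the objects it opened to the attacker."""
    return [name for name, obj in monitor.objects.items()
            if obj.owner == invoking_user and monitor.grant(invoking_user, name, attacker, READ)]


def delegation_demo():
    m = DacMonitor()
    m.create("alice", "report.txt")
    m.grant("alice", "report.txt", "bob", READ)
    m.grant("alice", "report.txt", "bob", GRANT)                    # the right to grant rights
    bob_shares_read = m.grant("bob", "report.txt", "carol", READ)    # allowed: bob holds READ and GRANT
    bob_shares_write = m.grant("bob", "report.txt", "carol", WRITE)  # denied: bob has no WRITE to pass on
    carol_shares = m.grant("carol", "report.txt", "dave", READ)      # denied: carol has no GRANT
    return bob_shares_read, bob_shares_write, carol_shares, m.access("carol", "report.txt", READ)


def trojan_demo():
    """Alice runs the Trojan. Under pure DAC every file she owns leaks; under the labeled
    monitor the ACL edit still succeeds but mallory's read is refused by the label check."""
    dac = DacMonitor()
    dac.create("alice", "report.txt")
    dac.create("alice", "salaries.xlsx")
    dac.create("bob", "notes.txt")
    leaked = trojan_horse(dac, "alice")
    dac_result = (leaked, dac.access("mallory", "report.txt", READ),
                  dac.access("mallory", "notes.txt", READ))

    mac = LabeledMonitor(clearances={"alice": 2, "mallory": 0})
    mac.create("alice", "report.txt", label=2)                  # label 2 = Secret (constructed)
    trojan_horse(mac, "alice")                                   # the ACL edit itself still goes through
    mac_result = ("mallory" in mac.objects["report.txt"].acl,
                  mac.access("mallory", "report.txt", READ))     # but the read is denied
    return dac_result, mac_result
```

delegation_demo() returns (True, False, False, True): Bob can pass on read because he holds it together with GRANT, cannot pass on a write he never had, and Carol, who holds read only, cannot delegate at all. trojan_demo() shows the asymmetry the exam tip is getting at: the DAC monitor leaks report.txt and salaries.xlsx (but not Bob's notes.txt, since the Trojan only has Alice's identity), while the labeled monitor lets the ACL be rewritten and still denies the read, because the label is not at the owner's discretion.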
Real-World Implementation Examples
- Windows NTFS: File and folder permissions are stored in the object's security descriptor as a DACL made up of ACEs. The owner implicitly holds READ_CONTROL and WRITE_DAC on the object and can therefore always rewrite the DACL, even if the DACL grants the owner nothing; administrators can take ownership of any object (SeTakeOwnershipPrivilege). Permissions are viewed and edited with icacls or Get-Acl/Set-Acl.
- Linux/Unix: The traditional permission bits (read, write, execute for owner, group, and others), extended with POSIX ACLs managed by getfacl and setfacl. Once a file has an extended ACL, the group bits shown by ls -l represent the ACL mask rather than the owning group's entry, so a chmod on the group bits silently caps every named user and group entry. root (CAP_DAC_OVERRIDE) bypasses these checks entirely, which is one reason mandatory controls are layered on top.
- Database Systems: SQL GRANT and REVOKE statements let the owner of a table or view control who can SELECT, INSERT, UPDATE, or DELETE its data; GRANT ... WITH GRANT OPTION is the SQL form of the "right to grant rights", allowing the grantee to pass the privilege on.
Exam Tips: Answering Questions on Discretionary Access Control (DAC)
Tip 1: Remember the Key Identifier — Owner Controls Access
If a question describes a scenario where the owner or creator of a resource decides who can access it, the answer is almost certainly DAC. The word "discretion" or "owner" is your strongest clue.
Tip 2: Know the Trojan Horse Weakness
One of the most commonly tested facts about DAC is its vulnerability to Trojan horse attacks. If a question asks about the primary weakness or security concern of DAC, select the Trojan horse option.
Tip 3: Distinguish DAC from MAC by Who Controls Access
If the system or a central authority enforces access based on labels, classifications, or clearance levels, that is MAC. If the resource owner decides, that is DAC. This distinction appears frequently on the exam.
Tip 4: ACLs Are the Implementation Mechanism
DAC is most commonly implemented through Access Control Lists (ACLs). If a question mentions ACLs in the context of owner-managed permissions, think DAC.
Tip 5: Identity-Based Access
DAC makes access decisions based on the identity of the user (who they are). This is in contrast to MAC (which uses labels), RBAC (which uses roles), and attribute-based access control (ABAC, which uses attributes).
Tip 6: Understand "Right to Grant Rights"
A hallmark of DAC is that owners can delegate the ability to grant access to others. If a question describes a scenario where a user grants another user the permission to further share a resource, this is characteristic of DAC.
Tip 7: DAC is the Least Restrictive Model
Among the major access control models (DAC, MAC, RBAC), DAC is generally considered the least restrictive and the most flexible. MAC is considered the most restrictive. Keep this hierarchy in mind for comparison questions.
Tip 8: Watch for Distractor Answers
Exam questions may try to confuse DAC with Rule-Based Access Control by mentioning ACLs in firewalls. Remember that firewall ACLs typically follow rule-based access control, not DAC. DAC specifically involves owner-managed permissions on objects like files and resources.
Tip 9: Common Environments
DAC is the standard model in most commercial operating systems (Windows, Linux, macOS). If a question references standard file system permissions in a general-purpose OS, DAC is likely the correct answer.
Tip 10: Process of Elimination
When you encounter a question about access control models, first check whether the system enforces labels or clearances that users cannot change (MAC), whether permissions attach to roles rather than individuals (RBAC), whether uniform rules such as time of day or source address decide (Rule-Based), or whether the owner decides (DAC). Using this simple decision tree will help you eliminate incorrect options quickly and arrive at the correct answer.