Which access control model enables the OWNER of the resource to specify what subjects can access specific resources based on their identity?
Click on the arrows to vote for the correct answer
A. B. C. D.A.
Data owners decide who has access to resources based only on the identity of the person accessing the resource.
The following answers are incorrect : Mandatory Access Control : users and data owners do not have as much freedom to determine who can access files.
The operating system makes the final decision and can override the users' wishes and access decisions are based on security labels.
Sensitive Access Control : There is no such access control in the context of the above question.
Role-based Access Control : uses a centrally administered set of controls to determine how subjects and objects interact , also called as non discretionary access control.
In a mandatory access control (MAC) model, users and data owners do not have as much freedom to determine who can access files.
The operating system makes the final decision and can override the users wishes.
This model is much more structured and strict and is based on a security label system.
Users are given a security clearance (secret, top secret, confidential, and so on), and data is classified in the same way.
The clearance and classification data is stored in the security labels, which are bound to the specific subjects and objects.
When the system makes a decision about fulfilling a request to access an object, it is based on the clearance of the subject, the classification of the object, and the security policy of the system.
The rules for how subjects access objects are made by the security officer, configured by the administrator, enforced by the operating system, and supported by security technologies Reference : Shon Harris , AIO v3 , Chapter-4 : Access Control , Page : 163-165
The access control model that enables the OWNER of the resource to specify what subjects can access specific resources based on their identity is known as Discretionary Access Control (DAC).
Discretionary Access Control (DAC) is a type of access control system in which the owner or administrator of a resource can define the permissions for accessing that resource. Under this model, the owner of the resource has complete control over who can access it and what level of access they are granted.
DAC is a flexible model as it allows the owner to specify the access controls for their resource based on their own discretion. For instance, the owner of a file can decide who should have read, write or execute permissions. The owner of a folder can set permissions to allow certain users to access sub-folders while denying access to others.
However, there are some limitations to DAC. Because the access control is based on the discretion of the owner, it can be difficult to enforce security policies consistently across the entire organization. In addition, it can be challenging to manage access control permissions for a large number of resources and users.
In contrast, Mandatory Access Control (MAC) is a different access control model in which access controls are determined by the system or security administrator rather than the resource owner. Sensitive Access Control and Role-based Access Control (RBAC) are additional access control models that provide different methods of controlling access to resources.
To summarize, the access control model that enables the OWNER of the resource to specify what subjects can access specific resources based on their identity is Discretionary Access Control (DAC).