Someone can suggest me a real situation in which is better to use MAC (Mandatory Access Control) instead of DAC (Discretionary Access Control) or RBAC (Role Based Access Control)? And in which DAC is better than the others? And in which RBAC is the best?I know the theoretical notions, and I know that RBAC is better in situation in which we want to assign the rights not to the people, but to the specific job. I know also that MAC and RBAC is better in situation where we want to avoid that an user can manage the rights. DAC is the way to go to let people manage the content they own. It might sound obvious, but for instance DAC is very good to let users of an online social network choose who accesses their data.
It allows people to revoke or forward privileges easily and immediately., and provide nice examples of research on DAC with users.RBAC is a form of access control which as you said is suitable to separate responsibilities in a system where multiple roles are fulfilled. This is obviously true in corporations (often along with compartmentalization e.g. Or ) but can also be used on a single user operating system to implement the. RBAC is designed for by letting users select the roles they need for a specific task. The key question is whether you use roles to represent tasks performed on your system and assign roles in a central authority (in which case RBAC is a form of MAC); or if you use roles to let users control permissions on their own objects (leading to multiple roles per object and absolutely no semantics in roles, even though it's ).MAC in itself is vague, there are many many ways to implement it for many systems. In practice, you'll often use a combination of different paradigms.
For instance, a UNIX system mostly uses DAC but the root account bypasses DAC privileges. In a corporation, beyond separating your different departments and teams with MAC/RBAC you may allow some DAC for coworkers to share information on your corporate file system.It'd be better to make your question specific and tell what system(s) you want to protect, if any. What access control to use always depends on the specific situation and context you're considering. Each system is used for a different overriding security requirement.
Gaspar noe love torrent. In a world where the television was still rare and an all-day cinema ticket cost less than a cup of coffee, they were able to see all the old masters and a lot of contemporary films.Even in film cities like Paris and New York you can't really do that anymore, and haven't been able to since the 70's.
Sep 23, 2011 In case of a mandatory access control system. A MAC model has a negative influence on performance since the system has to check many more accesses and access rules. And more realistic benchmarks suggest that the impact of SELinux.
- Author: admin
- Category: Category
Someone can suggest me a real situation in which is better to use MAC (Mandatory Access Control) instead of DAC (Discretionary Access Control) or RBAC (Role Based Access Control)? And in which DAC is better than the others? And in which RBAC is the best?I know the theoretical notions, and I know that RBAC is better in situation in which we want to assign the rights not to the people, but to the specific job. I know also that MAC and RBAC is better in situation where we want to avoid that an user can manage the rights. DAC is the way to go to let people manage the content they own. It might sound obvious, but for instance DAC is very good to let users of an online social network choose who accesses their data.
It allows people to revoke or forward privileges easily and immediately., and provide nice examples of research on DAC with users.RBAC is a form of access control which as you said is suitable to separate responsibilities in a system where multiple roles are fulfilled. This is obviously true in corporations (often along with compartmentalization e.g. Or ) but can also be used on a single user operating system to implement the. RBAC is designed for by letting users select the roles they need for a specific task. The key question is whether you use roles to represent tasks performed on your system and assign roles in a central authority (in which case RBAC is a form of MAC); or if you use roles to let users control permissions on their own objects (leading to multiple roles per object and absolutely no semantics in roles, even though it's ).MAC in itself is vague, there are many many ways to implement it for many systems. In practice, you'll often use a combination of different paradigms.
For instance, a UNIX system mostly uses DAC but the root account bypasses DAC privileges. In a corporation, beyond separating your different departments and teams with MAC/RBAC you may allow some DAC for coworkers to share information on your corporate file system.It'd be better to make your question specific and tell what system(s) you want to protect, if any. What access control to use always depends on the specific situation and context you're considering. Each system is used for a different overriding security requirement.
Gaspar noe love torrent. In a world where the television was still rare and an all-day cinema ticket cost less than a cup of coffee, they were able to see all the old masters and a lot of contemporary films.Even in film cities like Paris and New York you can't really do that anymore, and haven't been able to since the 70's.
Sep 23, 2011 In case of a mandatory access control system. A MAC model has a negative influence on performance since the system has to check many more accesses and access rules. And more realistic benchmarks suggest that the impact of SELinux.