The main difference between DAC and MAC is that the DAC is an access control method in which the owner of the resource determines the access while the MAC is an access control method that provides access to the resource depending on the clearance level of the user.
Information security is vital for any automated system. Therefore, these systems require various mechanisms to ensure information security. First, the users should go through the authentication process. When the user provides his personal details, the user is authorized. For example, the system might ask the user to enter the username and password. If he provides the valid username and password, he can access the system. After completing the authentication, the next step is authorization. It determines the permissions granted to an authenticated user. Access controlling helps to access Authorization. DAC and MAC are types of Access Control methods.
Key Areas Covered
DAC, MAC, Security
What is DAC
DAC stands for Discretionary Access Control. The owner of the resource has the complete control over who can have access to a specific resource. The resource can be a file, directory, or any other, which can be accessed via the network. He can grant permission to other users to access the resource. He can also allow them to perform operations such as read, write, execute or share the resource. Moreover, he can transfer the ownership and determine the access type of other users.
In general, DAC is an easy and flexible access control method. However, it is not very secure. As the owner of the resource has the full control, one slip from him can give full control to others.
What is MAC
MAC stands for Mandatory Access Control. In this method, access is determined by the system, not by the owner. Systems that contain highly sensitive data such as government or military based systems use this access control type.
In this control, all users (subjects) and resources should have a label assigned to them. It is a security label and specifies the level of trust. To access the resource, the user must have equal or higher sensitivity level than the level of the required resource. For example, if the user requires accessing a secret file, he should have a secret clearance or a higher clearance to access the resource.
Difference Between DAC and MAC
DAC is a type of access control in which the owner of a resource restricts access to the resource based on the identity of the users. MAC is a type of access control that restricts the access to the resources based on the clearance of the subjects.
The DAC stands for Discretionary Access Control (DAC) and the MAC stands for Mandatory Access Control.
In DAC, the resource owner determines who can access and what privileges they have. MAC provides access to the users depending on the clearance level of the users. Access is determined by the system.
Furthermore, DAC is more flexible than MAC.
Also, MAC is more secure than DAC.
Moreover, DAC is easier to implement than MAC.
The main difference between DAC and MAC is that the DAC is an access control method in which the owner of the resource determines the access while the MAC is an access control method that provides access to the resource depending on the clearance level of the user. In brief, DAC is suitable for systems that require general security while MAC is more suitable for systems that contain highly sensitive data.
1. “Authorization and Access Control – CompTIA Security SY0-401: 5.2.” Authorization and Access Control – CompTIA Security SY0-401: 5.2, Professor Messer, 18 Sept. 2014, Available here.
1. “3400555” (CC0) via Pixabay