Difference Between DAC and MAC

The main difference between DAC and MAC is that the DAC is an access control method in which the owner of the resource determines the access while the MAC is an access control method that provides access to the resource depending on the clearance level of the user.  

Information security is vital for any automated system. Therefore, these systems require various mechanisms to ensure information security. First, the users should go through the authentication process. When the user provides his personal details, the user is authorized. For example, the system might ask the user to enter the username and password. If he provides the valid username and password, he can access the system. After completing the authentication, the next step is authorization. It determines the permissions granted to an authenticated user. Access controlling helps to access Authorization. DAC and MAC are types of Access Control methods.

Key Areas Covered

1. What is DAC
     – Definition, Functionality
2. What is MAC
     – Definition, Functionality
3. Difference Between DAC and MAC
     – Comparison of Key Differences

Key Terms

DAC, MAC, Security

Difference Between DAC and MAC - Comparison Summary

What is DAC

DAC stands for Discretionary Access Control. The owner of the resource has the complete control over who can have access to a specific resource. The resource can be a file, directory, or any other, which can be accessed via the network. He can grant permission to other users to access the resource. He can also allow them to perform operations such as read, write, execute or share the resource. Moreover, he can transfer the ownership and determine the access type of other users.  

In general, DAC is an easy and flexible access control method. However, it is not very secure. As the owner of the resource has the full control, one slip from him can give full control to others.

What is MAC

MAC stands for Mandatory Access Control. In this method, access is determined by the system, not by the owner. Systems that contain highly sensitive data such as government or military based systems use this access control type.

Difference Between DAC and MAC

In this control, all users (subjects) and resources should have a label assigned to them. It is a security label and specifies the level of trust.  To access the resource, the user must have equal or higher sensitivity level than the level of the required resource. For example, if the user requires accessing a secret file, he should have a secret clearance or a higher clearance to access the resource. 

Difference Between DAC and MAC

Definition

DAC is a type of access control in which the owner of a resource restricts access to the resource based on the identity of the users. MAC is a type of access control that restricts the access to the resources based on the clearance of the subjects.

Full Name

The DAC stands for Discretionary Access Control (DAC) and the MAC stands for Mandatory Access Control.

Basis

In DAC, the resource owner determines who can access and what privileges they have. MAC provides access to the users depending on the clearance level of the users.  Access is determined by the system.

Flexibility

Furthermore, DAC is more flexible than MAC.

Security

Also, MAC is more secure than DAC.

Implementation

Moreover, DAC is easier to implement than MAC.

Conclusion

The main difference between DAC and MAC is that the DAC is an access control method in which the owner of the resource determines the access while the MAC is an access control method that provides access to the resource depending on the clearance level of the user. In brief, DAC is suitable for systems that require general security while MAC is more suitable for systems that contain highly sensitive data.

Reference:

1. “Authorization and Access Control – CompTIA Security SY0-401: 5.2.” Authorization and Access Control – CompTIA Security SY0-401: 5.2, Professor Messer, 18 Sept. 2014, Available here.

Image Courtesy:

1. “3400555” (CC0) via Pixabay

About the Author: Lithmee

Lithmee holds a Bachelor of Science degree in Computer Systems Engineering and is reading for her Master’s degree in Computer Science. She is passionate about sharing her knowldge in the areas of programming, data science, and computer systems.

Leave a Reply