Explain the issues related to DAC.

Discretionary Access Control (DAC) is a security model that grants or restricts access to resources based on the identity of the user and their ownership of the resource. While DAC has been widely used, it comes with several issues that can impact the overall security of a system:

The issues related to DAC are:

  1. Difficult to Enforce System-Wide Security Policy:
    • In a DAC system, each user has control over their own objects, making it challenging to enforce a consistent system-wide security policy. This lack of central control can lead to scenarios where a user might intentionally or unintentionally share classified information with an unauthorized user.
  2. Coarse-Grained Privileges:
    • DAC typically supports coarse-grained privileges, meaning that access control decisions are made at a broad level. The top-level authorization decision, often referred to as Coarse-Grained Authorization (CGA), is made at the perimeter of a system. This lack of granularity can result in users having more privileges than necessary, potentially leading to unauthorized access.
  3. Unbounded Privilege Escalation:
    • DAC systems may suffer from the risk of unbounded privilege escalation. Once a user gains access to an object, they may have the ability to grant access to other users, potentially leading to a situation where privileges are escalated beyond the intended scope.
  4. Limited Consideration of Security Relevant Information:
    • DAC systems often rely solely on user identity and ownership, ignoring other security-relevant factors:
      • User’s Role: The specific roles a user plays within an organization may not be considered in access control decisions.
      • Function of the Program: The purpose or function of a program may not be taken into account when determining access, potentially leading to misuse or unauthorized actions.
      • Trustworthiness of the Program: DAC does not distinguish a trusted program from a compromised one; a program runs with all the permissions of the user who invoked it, so a compromised program can read or modify any object that user can access.
      • Sensitivity of the Data: The importance or sensitivity of data is not always considered in access control decisions.
      • Integrity of the Data: The integrity of data may not be adequately protected, as DAC focuses primarily on controlling who has access rather than ensuring the integrity of the data.
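As an added illustration (not part of the original answer), the small Python model below shows points 1, 3 and 4 above in code: an owner shares a classified file, the recipient re-shares it without any central check, a program run by the uncleared user inherits that access, and only a separate system-wide audit (something the DAC model itself never performs) flags the violation. The users, file name and labels are constructed sample data.

```python
from dataclasses import dataclass, field

@dataclass
class DacObject:
    owner: str
    label: str                             # sensitivity label, e.g. "classified" or "public"
    acl: set = field(default_factory=set)  # users allowed to read the object

class DacSystem:
    # Minimal owner-controlled (discretionary) access control model.
    def __init__(self):
        self.objects = {}

    def create(self, name, owner, label):
        self.objects[name] = DacObject(owner, label, {owner})

    def can_read(self, user, name):
        return user in self.objects[name].acl

    def grant(self, granter, grantee, name):
        # Discretionary delegation: anyone who holds access may pass it on.
        # No central policy is consulted, so sharing is unbounded.
        obj = self.objects[name]
        if granter not in obj.acl:
            raise PermissionError(f"{granter} has no access to {name}")
        obj.acl.add(grantee)

def run_program_as(system, user, action):
    # A program carries the full privileges of the user who launched it;
    # DAC does not distinguish a trusted program from a compromised one.
    return action(system, user)

def find_policy_violations(system, cleared_users):
    # System-wide check that DAC itself never performs: classified objects
    # readable by users outside the cleared set (constructed policy).
    return {name: sorted(obj.acl - cleared_users)
            for name, obj in system.objects.items()
            if obj.label == "classified" and not obj.acl <= cleared_users}

def demo():
    system = DacSystem()
    cleared = {"alice", "bob"}                     # constructed sample data
    system.create("report.txt", "alice", "classified")
    system.grant("alice", "bob", "report.txt")     # owner shares with a cleared user
    system.grant("bob", "carol", "report.txt")     # bob re-shares; nothing stops it
    # A compromised program run by carol inherits carol's access to the file.
    leaked = run_program_as(system, "carol", lambda s, u: s.can_read(u, "report.txt"))
    return find_policy_violations(system, cleared), leaked
```

Running `demo()` returns `({'report.txt': ['carol']}, True)`: the audit reports the uncleared reader, and the program acting as carol can read the classified file.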
