Operating Systems/Programming





1. Mandatory Access Control (MAC): Is a static access control method. Resources are classified using labels and data can only be retrieved by individuals with particular clearance levels. If someone doesn’t have adequate clearance, they can’t access that data. Suitable or used in operating systems such as Solaris, MAC OS, and Astro Linux.
2. Discretionary Access Control (DAC): the owner chooses who has access to the resource, so verdicts are made directly for subjects. It uses Access Control Lists (ACL). It is suitable for all operating systems so that specific users cannot access other user’s files or their applications. Not ideal in an enterprise setting where many people need to have different levels of access to many different resources.
3. Role Based Access Control: Data access is determined by the role within the organization. It is not specified for different users.  It is a mixture of MAC and DAC. It is suitable for the application level, particularly in the enterprise settings where it is usually applied as a factor of enterprise middleware. Implementing RBAC at the application level creates new opportunities for scalability and versatility because a single middle-ware product can be used to restrict access to many systems and resources. It may not be appropriate for large organizations with offices in different locations. Separating individuals into groups based on roles makes it more problematic to define everyone’s access controls separately.
4. Rule-Based Access Control: Based on rules to deny or allow access to resources. If the rule is matched, the user will be denied or allowed access. Suitable for organizations where access to sensitive documents requires credentials with a username, organizational role, and passwords.
5. Task-Based Access Control Model (TBAC): Permissions are dispensed to tasks and users only obtain permissions during the implementation of tasks. It is suitable for industrial companies.
Irwin, Keith. Yu, Ting. Winsborough, William. “Enforcing Security Properties in Task-based Systems.”


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.