1.1 Recognize and be able to differentiate and explain the following access control models
o MAC (Mandatory Access Control)
· Access controls based on security labels (Sensitivity labels) associated with each data item
· Lattice = MAC model
· MAC uses levels of security to classify both users and data
o DAC (Discretionary Access Control)
· Access controls are created and administered by the data owner
· Each object has an owner, which has full control over the object
· The inherent flaw in DAC is that it relies only on the identity of the user or process, leaving room for a Trojan horse
o RBAC (Role Based Access Control)
· Access control decisions are based on responsibilities that an individual user or process has in an organization
· Relationship of user, role, operation: multiple users, multiple roles and multiple operations
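Added example (not part of the original notes): the three models as small Python checks, showing why an identity-only DAC check lets a copy from a sensitive file to someone else's file go through while a label check refuses it. The label ordering, the read/write lattice rule, and every user, role and object name are assumptions made up for illustration.

```python
# Added illustration; labels, users, roles and objects are all constructed.
LEVELS = {"public": 0, "confidential": 1, "secret": 2}  # assumed label ordering

def mac_allows(clearance, label, op):
    """MAC: the decision comes from the labels; no owner can override it."""
    s, o = LEVELS[clearance], LEVELS[label]
    # Assumed lattice rule: read at or below own level, write at or above it.
    return s >= o if op == "read" else s <= o

class DacObject:
    """DAC: the owner has full control and administers the ACL."""
    def __init__(self, owner):
        self.owner = owner
        self.acl = {owner: {"read", "write"}}

    def grant(self, caller, user, op):
        if caller != self.owner:
            raise PermissionError("only the owner may change the ACL")
        self.acl.setdefault(user, set()).add(op)

    def allows(self, user, op):
        return op in self.acl.get(user, set())

def dac_copy_allowed(identity, src, dst):
    """Any program running as `identity` passes these checks, trusted or not."""
    return src.allows(identity, "read") and dst.allows(identity, "write")

def mac_copy_allowed(clearance, src_label, dst_label):
    """The same copy under MAC: both the read and the write must fit the labels."""
    return (mac_allows(clearance, src_label, "read")
            and mac_allows(clearance, dst_label, "write"))

# RBAC: many users map to many roles, and many roles map to many operations.
USER_ROLES = {"alice": {"clerk", "auditor"}, "bob": {"clerk"}}
ROLE_OPS = {"clerk": {"enter_invoice"},
            "auditor": {"read_ledger", "enter_invoice"}}

def rbac_allows(user, op):
    return any(op in ROLE_OPS[r] for r in USER_ROLES.get(user, ()))

def demo():
    payroll = DacObject("alice")               # alice's sensitive file
    shared = DacObject("mallory")              # a file someone else owns
    shared.grant("mallory", "alice", "write")  # owner's discretion
    return {"dac": dac_copy_allowed("alice", payroll, shared),
            "mac": mac_copy_allowed("secret", "secret", "public"),
            "rbac": (rbac_allows("alice", "read_ledger"),
                     rbac_allows("bob", "read_ledger"))}
```

The DAC copy is allowed because both checks see only the identity "alice"; the MAC copy is refused because writing from a secret source to a public object fails the label rule regardless of who owns either object.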