Difference between DAC and MAC
1. DAC:
DAC is identity-based access control. DAC mechanisms are controlled by user identification, such as a username and password. DAC is discretionary because owners can transfer objects or any authenticated information to other users. In simple words, the owner determines the access privileges.
Attributes of DAC –
- Users can transfer their object ownership to another user.
- The access type of other users can be determined by the user.
- Authorization failure can restrict user access after several failed attempts.
- Unauthorized users will be blind to object characteristics such as file size, directory path, and file name.
Example: The file permission system of the Linux operating system is an example of DAC.
2. MAC:
In MAC, the operating system provides access to users based on their identities and data. To gain access, the user has to submit their personal information. It is very secure because the rules and restrictions are imposed by the admin and are strictly followed. MAC settings and policy management are established in a secure network and are limited to system administrators.
Attributes of MAC –
- MAC policies can help to reduce system errors.
- It has tighter security because only the administrator can access or alter controls.
- In MAC, the operating system enforces the policy and can label and delineate incoming application data.
- Maintenance will be difficult because only the administrator can have access to the database.
Examples: The access levels of Windows for ordinary users, admins, and guests are some examples of MAC.
Differences between DAC and MAC:
|DAC|MAC|
|---|---|
|DAC stands for Discretionary Access Control.|MAC stands for Mandatory Access Control.|
|DAC is easier to implement.|MAC is difficult to implement.|
|DAC is less secure to use.|MAC is more secure to use.|
|In DAC, the owner can determine the access and privileges and can restrict the resources based on the identity of the users.|In MAC, only the system determines the access, and the resources are restricted based on the clearance of the subjects.|
|DAC has extra labor-intensive properties.|MAC has no labor-intensive property.|
|Users will be provided access based on their identity and not using levels.|Users will be restricted based on their power and level of hierarchy.|
|DAC has high flexibility with no rules and regulations.|MAC is not flexible as it contains lots of strict rules and regulations.|
|DAC has complete trust in users.|MAC has trust only in administrators.|
|Decisions will be based only on user ID and ownership.|Decisions will be based on objects and tasks, and they can have their own IDs.|
|Information flow is impossible to control.|Information flow can be easily controlled.|
|DAC is supported by commercial DBMSs.|MAC is not supported by commercial DBMSs.|
|DAC can be applied in all domains.|MAC can be applied in the military, government, and intelligence.|
|DAC is vulnerable to Trojan horses.|MAC prevents virus flow from a higher level to a lower level.|
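
The information-flow and Trojan horse rows above can be seen in a small model. This is an added example, not code from the original article. The user names, the two levels, and the "no read up, no write down" MAC rule (Bell-LaPadula style) are assumptions, since the article does not name a specific MAC model.

```python
from dataclasses import dataclass, field

# Constructed sample levels (assumption); a higher number is more sensitive.
LEVELS = {"public": 0, "secret": 1}

@dataclass
class Obj:
    name: str
    owner: str
    label: str                               # MAC label, set by the administrator
    acl: dict = field(default_factory=dict)  # DAC: user -> set of "r"/"w"
    data: str = ""

def dac_allows(user, obj, mode):
    """DAC: the owner, or anyone the owner put in the ACL, gets access."""
    return user == obj.owner or mode in obj.acl.get(user, set())

def dac_grant(granter, obj, user, mode):
    """Only the owner may change the ACL; that discretion is what makes it DAC."""
    if granter != obj.owner:
        raise PermissionError(f"{granter} does not own {obj.name}")
    obj.acl.setdefault(user, set()).add(mode)

def mac_allows(clearance, obj, mode):
    """MAC (assumed rule): no read up, no write down, regardless of ownership."""
    subj, level = LEVELS[clearance], LEVELS[obj.label]
    return subj >= level if mode == "r" else subj <= level

def copy(user, clearance, src, dst, enforce_mac):
    """A program running as `user` copies src into dst; True if permitted."""
    checks = [dac_allows(user, src, "r"), dac_allows(user, dst, "w")]
    if enforce_mac:
        checks += [mac_allows(clearance, src, "r"), mac_allows(clearance, dst, "w")]
    if not all(checks):
        return False
    dst.data = src.data
    return True

def demo(enforce_mac):
    """Returns (copy permitted?, what bob can read from his own file)."""
    report = Obj("report", owner="alice", label="secret", data="payroll")
    drop = Obj("drop", owner="bob", label="public")
    dac_grant("bob", drop, "alice", "w")  # bob uses his discretion as owner
    # Any program alice runs inherits her rights, including an untrusted one.
    copied = copy("alice", "secret", report, drop, enforce_mac)
    bob_reads = dac_allows("bob", drop, "r") and (
        not enforce_mac or mac_allows("public", drop, "r"))
    return copied, (drop.data if bob_reads else None)
```

With DAC alone, every individual check passes and the secret content still ends up in a file bob can read. With the label check added, the write from a secret subject to a public object is refused even though the ACL permits it.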