
Discretionary Access Control

  • Reference work entry
Encyclopedia of Cryptography and Security

Synonyms

DAC

Related Concepts

Access Control; Mandatory Access Control; Role-Based Access Control Policies (RBAC); Roles in SQL

Definition

Discretionary access control (DAC) is a paradigm for controlling access to resources. According to the Trusted Computer System Evaluation Criteria (TCSEC), often referred to as the Orange Book [1], discretionary access control is “a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control).”
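The TCSEC definition above can be made concrete with a toy reference monitor. The following is an added example, not part of the encyclopedia entry; the class `DacSystem`, the right names and the subjects `alice`, `bob` and `carol` are constructed for illustration. It shows identity-based checks, owner-controlled granting, and how a permission is passed on "perhaps indirectly" by copying.

```python
class DacSystem:
    """Toy DAC monitor: per-object ACLs keyed by subject identity."""

    def __init__(self):
        self.acl = {}    # object -> {subject: set of rights}
        self.data = {}   # object -> contents

    def create(self, subject, obj, contents=""):
        # The creator becomes owner and holds every right, including "grant".
        self.acl[obj] = {subject: {"read", "write", "grant"}}
        self.data[obj] = contents

    def allowed(self, subject, obj, right):
        return right in self.acl.get(obj, {}).get(subject, set())

    def grant(self, grantor, obj, grantee, right):
        # Discretionary step: a subject holding "grant" decides who else
        # gets access; no system-wide policy is consulted.
        if not self.allowed(grantor, obj, "grant"):
            raise PermissionError(f"{grantor} may not grant on {obj}")
        self.acl[obj].setdefault(grantee, set()).add(right)

    def read(self, subject, obj):
        if not self.allowed(subject, obj, "read"):
            raise PermissionError(f"{subject} may not read {obj}")
        return self.data[obj]


def demo():
    s = DacSystem()
    s.create("alice", "report", "Q3 figures")   # constructed sample data
    s.grant("alice", "report", "bob", "read")   # alice's discretion

    # Direct passing fails: bob holds "read" but not "grant" on report.
    try:
        s.grant("bob", "report", "carol", "read")
        bob_direct_grant = True
    except PermissionError:
        bob_direct_grant = False

    # Indirect passing succeeds: bob copies what he may read into an object
    # he owns, then grants on the copy. Nothing in a pure DAC monitor ties
    # the copy back to alice's ACL; that is the gap mandatory controls close.
    s.create("bob", "copy", s.read("bob", "report"))
    s.grant("bob", "copy", "carol", "read")

    return {
        "carol_on_report": s.allowed("carol", "report", "read"),
        "bob_direct_grant": bob_direct_grant,
        "carol_sees": s.read("carol", "copy"),
    }


if __name__ == "__main__":
    print(demo())
```

When reviewing a DAC-only system, the ACL on the original object therefore bounds who can read it directly, not where its contents can end up.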

The National Computer Security Center (NCSC) guide titled “A Guide to Understanding Discretionary Access Control in Trusted Systems” [2], portions of which were published as a research paper [3], states that “the basis for (DAC) is that an individual user, or program operating on the user’s...


Recommended Reading

  1. DOD (1985) Trusted computer system evaluation criteria. Department of Defense 5200.28-STD, Washington

  2. NCSC (1987) National computer security center: a guide to understanding discretionary access control in trusted systems, September 1987. NCSC-TG-003

  3. Downs DD, Rub JR, Kung KC, Jordan CS (1985) Issues in discretionary access control. In: Proceedings of IEEE symposium on research in security and privacy, IEEE Computer Society, Oakland, April 1985, pp 208–218

  4. Scott Graham G, Denning PJ (1972) Protection – principles and practice. In: Proceedings of the AFIPS spring joint computer conference, AFIPS Press, vol 40, pp 417–429, 16–18 May 1972

  5. Lampson BW (1971) Protection. In: Proceedings of the 5th Princeton conference on information sciences and systems. Reprinted in ACM Oper Syst Rev 8(1):18–24, 1974

  6. Griffiths PP, Wade BW (1976) An authorization mechanism for a relational database system. ACM Trans Database Syst 1(3):242–255

  7. Elliott Bell D, LaPadula LJ (1976) Secure computer systems: unified exposition and Multics interpretation. Technical report ESD-TR-75-306, Mitre Corporation

  8. Harrison MA, Ruzzo WL, Ullman JD (1976) Protection in operating systems. Commun ACM 19(8):461–471

  9. Jones AK, Lipton RJ, Snyder L (1976) A linear time algorithm for deciding security. In: 17th annual IEEE symposium on foundations of computer science (FOCS), Houston, pp 33–41, October 1976

  10. Li N, Tripunitara MV (2005) On safety in discretionary access control. In: Proceedings of the 2005 IEEE symposium on security and privacy, Oakland, May 2005

  11. Mao Z, Li N, Chen H, Jian X (2009) Trojan horse resistant discretionary access control. In: Proceedings of the ACM symposium on access control models and technologies (SACMAT), Stresa, Italy, pp 237–246

  12. Sandhu RS, Coyne EJ, Feinstein HL, Youman CE (1996) Role-based access control models. IEEE Comp 29(2):38–47

  13. Lipton RJ, Snyder L (1977) A linear time algorithm for deciding subject security. J ACM 24(3):455–464


Copyright information

© 2011 Springer Science+Business Media, LLC


Cite this entry

Li, N. (2011). Discretionary Access Control. In: van Tilborg, H.C.A., Jajodia, S. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-5906-5_798
