Effective CISSP Questions

Which of the following is an incorrect statement about discretionary access control (DAC)? (Wentz QOTD)
A. Granting read access is transitive.
B. DAC policy is vulnerable to Trojan horse attacks.
C. DAC can effectively assure the flow of information in a system.
D. The owner of the object decides the privileges for accessing objects.

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. DAC can effectively assure the flow of information in a system.

Access Control Policies, Mechanisms, and Models_v2
Access Control Policies, Mechanisms, and Models_v2

Discretionary Access Control (DAC)

The following is an excerpt from NIST IT 7316:

DAC leaves a certain amount of access control to the discretion of the object’s owner or anyone else who is authorized to control the object’s access. For example, it is generally used to limit a user’s access to a file; it is the owner of the file who controls other users’ accesses to the file. Only those users specified by the owner may have some combination of read, write, execute, and other permissions to the file.

DAC policy tends to be very flexible and is widely used in the commercial and government sectors. However, DAC is known to be inherently weak for two reasons.

First, granting read access is transitive; for example, when Ann grants Bob read access to a file, nothing stops Bob from copying the contents of Ann’s file to an object that Bob controls. Bob may now grant any other user access to the copy of Ann’s file without Ann’s knowledge.

Second, DAC policy is vulnerable to Trojan horse attacks. Because programs inherit the identity of the invoking user, Bob may, for example, write a program for Ann that, on the surface, performs some useful function, while at the same time destroys the contents of Ann’s files. When investigating the problem, the audit files would indicate that Ann destroyed her own files.

Thus, formally, the drawbacks of DAC are as follows:
• Information can be copied from one object to another; therefore, there is no real assurance on the flow of information in a system.
• No restrictions apply to the usage of information when the user has received it.
• The privileges for accessing objects are decided by the owner of the object, rather than through a system-wide policy that reflects the organization’s security requirements.

ACLs and owner/group/other access control mechanisms are by far the most common mechanism for implementing DAC policies. Other mechanisms, even though not designed with DAC in mind, may have the capabilities to implement a DAC policy.

Source: NIST IR 7316



My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

以下那個關於自主訪問控制 (DAC) 的說法不正確?(Wentz QOTD)
A. 授予讀取訪問權限是可遞移的( transitive )。
B. DAC政策容易受到木馬攻擊。
C. DAC可以有效地確保(assure)系統中資訊的流動。
D. 物件(object)的所有者決定存取物件的權限(privileges)。

Leave a Reply