Which of the following is an incorrect statement about discretionary access control (DAC)? (Wentz QOTD)
A. Granting read access is transitive.
B. DAC policy is vulnerable to Trojan horse attacks.
C. DAC can effectively assure the flow of information in a system.
D. The owner of the object decides the privileges for accessing objects.
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. DAC can effectively assure the flow of information in a system.
Discretionary Access Control (DAC)
The following is an excerpt from NIST IR 7316:
DAC leaves a certain amount of access control to the discretion of the object’s owner or anyone else who is authorized to control the object’s access. For example, it is generally used to limit a user’s access to a file; it is the owner of the file who controls other users’ accesses to the file. Only those users specified by the owner may have some combination of read, write, execute, and other permissions to the file.
DAC policy tends to be very flexible and is widely used in the commercial and government sectors. However, DAC is known to be inherently weak for two reasons.
First, granting read access is transitive; for example, when Ann grants Bob read access to a file, nothing stops Bob from copying the contents of Ann’s file to an object that Bob controls. Bob may now grant any other user access to the copy of Ann’s file without Ann’s knowledge.
Second, DAC policy is vulnerable to Trojan horse attacks. Because programs inherit the identity of the invoking user, Bob may, for example, write a program for Ann that, on the surface, performs some useful function, while at the same time destroys the contents of Ann’s files. When investigating the problem, the audit files would indicate that Ann destroyed her own files.
Thus, formally, the drawbacks of DAC are as follows:
• Information can be copied from one object to another; therefore, there is no real assurance on the flow of information in a system.
• No restrictions apply to the usage of information when the user has received it.
• The privileges for accessing objects are decided by the owner of the object, rather than through a system-wide policy that reflects the organization’s security requirements.
ACLs and owner/group/other access control mechanisms are by far the most common mechanism for implementing DAC policies. Other mechanisms, even though not designed with DAC in mind, may have the capabilities to implement a DAC policy.
Source: NIST IR 7316
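The two weaknesses in the excerpt above, as an added toy model in Python (not from NIST IR 7316 or the original post; the `DacSystem` class, the object names and the sample data are hypothetical). Every ACL check behaves as designed, yet Carol ends up reading Ann's data and the audit trail attributes the destructive write to Ann.

```python
class DacSystem:
    """Toy DAC reference monitor: per-object owner, ACL and an audit trail."""
    def __init__(self):
        self.objects = {}  # name -> {"owner": str, "acl": {user: perms}, "data": str}
        self.audit = []    # (subject, action, object) as the monitor records it

    def create(self, user, name, data=""):
        self.objects[name] = {"owner": user, "acl": {user: {"read", "write"}}, "data": data}
        self.audit.append((user, "create", name))

    def grant(self, user, name, grantee, perm):
        obj = self.objects[name]
        if obj["owner"] != user:  # only the owner exercises discretion
            raise PermissionError(f"{user} does not own {name}")
        obj["acl"].setdefault(grantee, set()).add(perm)
        self.audit.append((user, f"grant-{perm}:{grantee}", name))

    def access(self, user, name, perm, data=None):
        obj = self.objects[name]
        if perm not in obj["acl"].get(user, set()):
            raise PermissionError(f"{user} lacks {perm} on {name}")
        self.audit.append((user, perm, name))
        if perm == "write":
            obj["data"] = data
        return obj["data"]

def transitive_read():
    s = DacSystem()
    s.create("ann", "ann_file", "Q3 figures")        # constructed sample data
    s.grant("ann", "ann_file", "bob", "read")
    s.create("bob", "bob_copy", s.access("bob", "ann_file", "read"))
    s.grant("bob", "bob_copy", "carol", "read")      # Ann is never consulted
    try:
        s.access("carol", "ann_file", "read")
        blocked = False
    except PermissionError:
        blocked = True                               # the ACL on the original holds
    return blocked, s.access("carol", "bob_copy", "read")

def inherited_identity():
    s = DacSystem()
    s.create("ann", "ann_file", "draft")
    def bobs_program(system, invoker):               # written by Bob, run by Ann
        system.access(invoker, "ann_file", "write", "")
    bobs_program(s, "ann")                           # runs with Ann's identity
    writers = [subj for subj, act, obj in s.audit if act == "write" and obj == "ann_file"]
    return s.objects["ann_file"]["data"], writers
```

`transitive_read()` shows the ACL on Ann's original file still denying Carol while the copy delivers the same content; `inherited_identity()` shows that the only subject the audit trail can name for the write is Ann.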