Chapter 3: Access Control - Access Control Models

Access control models are frameworks that allow subjects access objects. I described what a subject and an object is relating to access control in a previous post. A couple of key terms in this section that are worth reiterating are DAC and MAC, where the AC in there abbreviations stand for access control. The first letter of each of there is where their difference comes into play. DAC allows a resource owner to determine which subjects can access specific objects. MAC does not allow owners this discretion. MAC is a lot more strict than DAC in that a MAC system is used for an explicit purpose and nothing more. A third framework after used is role-based (RBAC) in which a central controls are set to determine subject-object interaction.