Acronyms:
DAC
See:
· Mandatory access control
Procedure for restricting access to the objects of a system based on the
identity of the subjects.
The control is called discretionary because a subject with certain access
rights can pass them, perhaps indirectly and provided that a mandatory access
control does not prevent it, to any other subject (TCSEC).
It is implemented to enforce an identity-based security policy.
[Ribagorda:1997]
A means of restricting access to objects (e.g., files, data entities) based on
the identity and need-to-know of subjects (e.g., users, processes) and/or groups
to which the object belongs. The controls are discretionary in the sense that a
subject with a certain access permission is capable of passing that permission
(perhaps indirectly) on to any other subject (unless restrained by mandatory
access control). [CNSSI_4009:2010]
1a. (I) An access control service that (a) enforces a security policy based on
the identity of system entities and the authorizations associated with the
identities and (b) incorporates a concept of ownership in which access rights
for a system resource may be granted and revoked by the entity that owns the
resource. (See: access control list, DAC, identity-based security policy,
mandatory access control.)
Derivation: This service is termed "discretionary" because an entity can be
granted access rights to a resource such that the entity can by its own volition
enable other entities to access the resource.
1b. (O) /formal model/ "A means of restricting access to objects based on the
identity of subjects and/or groups to which they belong. The controls are
discretionary in the sense that a subject with a certain access permission is
capable of passing that permission (perhaps indirectly) on to any other
subject." [DoD1]
[RFC4949:2007]
A means of restricting access to objects based on the identity of subjects
and/or groups to which they belong. The controls are discretionary in the sense
that a subject with a certain access permission is capable of passing that
permission (perhaps indirectly) on to any other subject (unless restrained by
mandatory access control). [TCSEC:1985]
Discretionary Access Control consists of something the user can manage, such as
a document password.
http://www.sans.org/security-resources/glossary-of-terms/
Related topics