Discreationary Access Control
July 29th, 2010 By alishinwari

Discretionary Access Control

A general notion of discretionary security suggests that DAC [1] [2] is any security policy or a security mechanism where ordinary users are involved in defining the security policy. Discretionary access control (DAC) is defined by the Trusted Computer System Evaluation Criteria [3] as “a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control)”.
In discretionary access control individual users can grant or deny permissions to other programs and applications on the platform, on the objects that are owned by them. In most cases the authorizations are stored in an access control matrix and the access requests from users are checked against the corresponding authorizations in the ACM. Access control matrix and its various implementations are discussed in the following subsections.

Access Control Matrix

An Access Control Matrix or Access Matrix [4] stores the rights and permissions of each subject with respect to every object in the system and represents an abstract model of permissions. If the ACM is literally implemented as it is then the resulting data structure will have excessive memory requirements. Therefore to make it more practical some variations of the access matrix are implemented in the real world which are slightly different from its literal representation, but nonetheless serve the same purpose. The variations of access control matrix include capability-based systems and access control lists.

Implementation of Access Control Matrix

Access Control Lists

An access control list (ACL) is a list of permissions associated with an object. An ACL is a table that specifies which access rights each user has on a particular system object. The list has an entry for each system user and his or hers corresponding access privileges e.g. read, write or execute. When a user or a process tries to access an object the operating system lookup the entries in the ACL defined for that particular object and determines whether the user or the process is authorized to perform underlying operation.

Capability based systems

Capability-based systems use capabilities as a token of authority in order to determine the authorization of users. A capability refers to an object and the set of access rights that are associated with it. A user program will use a capability to access an object and may also share its own capability with other programs and also with the operating system infrastructure, which provides the primary means of granting and distributing access rights within the system.
Capabilities achieve their objective of improving system security by being used in place of forgeable references. A forgeable reference identifies an object such as the file path of an object, but does not specify which access rights are appropriate for that object. If a user program or a processes possesses a capability entitles it to use object that the capability refers to and to exercise the rights that it associates with the object.


  1. Access control: Principles and practice. Sandhu, R.S. and Samarati, P. New York : Communications Society of Institute of Electrical and Electronics Engineers, 1994, IEEE Communications Magazine, Vol. 32, pp. 40–49.
  2. Issues in discretionary access control. Downs, D.D. and Rub, J.R. and Kung, K.C. and Jordan, C.S. s.l. : IEEE Computer Society, 1987, Tutorial computer and network security.
  3. Trusted computer system evaluation criteria. Qiu, L. and Zhang, Y. and Wang, F. and Kyung, M. and Mahajan, H.R. s.l. : Citeseer, 1985, National Computer Security Center.
  4. Protection. Lampson, B.W. s.l. : ACM, 1974, ACM SIGOPS Operating Systems Review, Vol. 8, pp. 18–24.

Leave a Reply