Operating Systems: Mandatory and Discretionary Access Control

Operating Systems must be guarded from unintentional and malicious use of computer resources. Security measures must be created to protect these unwanted actions of operating systems.

Access Rights and control mechanisms

One of the most important defences in operating system security is to control access to internal data and resources. Access rights define how various users, software or hardware can access various objects. The different types f access rights are reading, writing and printing these are called different privileges.

A collection of access rights is called a protection domain. No one processes or objects on the computer should be aloud to access every resource on a system as this could compromise security. In the majority of computing systems the administrator possesses all access rights and is responsible for managing other user’s rights. (Deitel, 2004)


Access control must not be confused with authorisation, assuming a user has properly authorised him/herself with passwords etc. Authorisation is the act of checking to see if a user has the proper permission to access a file or perform an action. Authorisation checks typically mean querying the access control list

Access control mechanisms

There are a wide variety of access control mechanisms and usually the best is a combination of them all. They should control restrictions on what users can do, which resources they have access to, and what functions they are allowed to perform on one another ie data. Access control mechanism assign security labels in different ways and the mechanism should cover the protection of data as a whole that is unauthorised viewing, modification, or copying of data. Furthermore a good access control mechanism will help limit malicious code execution or unauthorised actions.

Mandatory Access Controls (MAC)

Mandatory Access Control ensures the enforcement of a security policy predefined by which all subjects and objects are controlled. MAC focuses on giving rights to administrators. MAC secures information by assigning sensitivity labels on information and comparing this to the level of sensitivity a user is operating at. Generally MAC access control mechanisms are more secure than DAC, although at times MAC can be too restrictive for some circumstances. MAC mechanisms assign a security level to all information, a security clearance to each user, and ensure that all users only have access to that data for which they have clearance. MAC is usually appropriate for extremely secure systems such as multilevel secure military application.  MAC access control usually has the following attributes:

Administrators, not data owners make changes to a resource’s security label

A security label on the data is on a level which reflects its sensitivity, confidentiality and protection value. ie no use assigning high security to a program such as Microsoft Word which everyone has access to.

There is a hierarchy in the classification of protection level, a high level classification can read lower level secured data.

All users can write to a higher classification but users can only have read/write access to objects of the same classification.

A schedule or time of day restriction can be placed upon objects. (Chapter 8.  Access Control and Authorization, 2006)

Discretionary Access Controls (DAC)

Discretionary Access Control is a way of restricting access to information depending on the identity of users and/or membership in certain groups. Access is granted upon the credentials he/she presents at the time of authentication, such as usernames passwords. In the majority of DAC models the owner of the information or data is able to change its permissions at his/her own judgment. DAC has the disadvantage of not be able to centrally manage a system. A DAC system usually has the following attributes

Data Owners can transfer ownership of information to other users.

Data Owners can determine the type of access given to other users (read, write, copy, etc.) such as in a home network.

Repetitive authorization failures to access the same resource or object generates an alarm and/or restricts the user's access

Users who do not have access to information should not be able to determine its characteristics (file size, file name, directory path, etc.)

Access to information is determined based on authorizations to access control lists based on user identifier and group membership.


Deitel, H.M., Deitel, P.J., & Choffnes, D.R. (2004). Operating systems. (3th ed.). Englewood Cliffs, New Jersey: Prentice-Hall.

No author( 2006) Chapter 8.  Access Control and Authorization retrieved Sepember 29, 2006 from http://www.cgisecurity.com/owasp/html/ch08.html