Access control is a method of allowing and disallowing certain operations on a computer or network system. Two terms are used throughout this section in the context of access control:
--Subject: the entity to which access is granted or denied, e.g. a user, application, or system process.
--Object: the resource to which access is granted or denied, e.g. a file, printer, application, or system process.
Discretionary Access Control (DAC)
A widely used access control model is Discretionary Access Control (DAC), in which a subject has complete control over the objects it owns and the programs it executes: access decisions are at the discretion of the owner. For example, user Mary owns a file called mywork.doc. Mary allows the group Sales to read mywork.doc and grants no one else access to it.
Programs executed by a user run with the same permissions as the user executing them. This means the security of the system depends on the applications being executed: when an application is compromised, every object the user has access to is exposed, not just the objects the application needs.
This makes DAC very vulnerable to Trojan horses. For example, suppose subject X has read and write access to object file1. Subject Y, the attacker, writes a program that creates a new object file2, grants Y read access to it, and copies the content of file1 into file2. Y disguises the program as legitimate software and sends it to X. When X runs the program, it executes with X's permissions, so it may read file1 and effectively exposes its content to Y, even though Y was never granted access to file1. If an administrator runs such a program, the attacker obtains the administrator's privileges, jeopardizing the security of the entire system.
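The Trojan horse scenario above, simulated in Python as an added example that is not part of the original article: a small DAC system with owner-managed access control lists, a program that runs with whatever rights its caller has, and the resulting leak of file1 to Y. The users, group, file names and file contents are constructed for illustration.

```python
"""Discretionary access control with per-object ACLs, and why a program run by a
user becomes a Trojan horse.  Added example, not code from the original article:
the users, groups, file names and the in-memory ACL store are all constructed.
"""
from dataclasses import dataclass, field


@dataclass
class Obj:
    owner: str
    # principal -> set of permissions; a principal is a user name or "group:<name>"
    acl: dict = field(default_factory=dict)
    content: str = ""


class DACSystem:
    def __init__(self, groups):
        self.groups = groups      # group name -> set of member user names
        self.objects = {}         # object name -> Obj

    def create(self, subject, name, content=""):
        # DAC: the creator owns the object and decides who else gets access.
        self.objects[name] = Obj(owner=subject,
                                 acl={subject: {"read", "write"}},
                                 content=content)

    def grant(self, subject, name, principal, perms):
        # Only the owner may change an object's ACL (the "discretionary" part).
        obj = self.objects[name]
        if subject != obj.owner:
            raise PermissionError(f"{subject} does not own {name}")
        obj.acl.setdefault(principal, set()).update(perms)

    def permitted(self, subject, name, perm):
        # Direct entry for the user, or an entry for any group the user belongs to.
        obj = self.objects[name]
        if perm in obj.acl.get(subject, set()):
            return True
        return any(perm in obj.acl.get(f"group:{g}", set())
                   for g, members in self.groups.items() if subject in members)

    def read(self, subject, name):
        if not self.permitted(subject, name, "read"):
            raise PermissionError(f"{subject} may not read {name}")
        return self.objects[name].content

    def write(self, subject, name, content):
        if not self.permitted(subject, name, "write"):
            raise PermissionError(f"{subject} may not write {name}")
        self.objects[name].content = content

    def run(self, subject, program):
        # A program carries no identity of its own: it acts with the caller's rights.
        return program(self, subject)


def trojan(system, running_as):
    """Program written by attacker Y.  Whoever runs it, it acts with the runner's
    rights: read file1, create file2 with the same content, and give Y read access."""
    data = system.read(running_as, "file1")
    system.create(running_as, "file2", data)
    system.grant(running_as, "file2", "Y", {"read"})
    return len(data)


def demo_mary():
    """Mary owns mywork.doc and lets only the Sales group read it."""
    s = DACSystem(groups={"Sales": {"bob"}})
    s.create("mary", "mywork.doc", "Q3 pipeline")
    s.grant("mary", "mywork.doc", "group:Sales", {"read"})
    return (s.permitted("bob", "mywork.doc", "read"),    # True: via group Sales
            s.permitted("bob", "mywork.doc", "write"),   # False: Sales only got read
            s.permitted("eve", "mywork.doc", "read"))    # False: no entry at all


def demo_trojan():
    """X has read/write on file1, Y has nothing, yet Y ends up with file1's content."""
    s = DACSystem(groups={})
    s.create("admin", "file1", "payroll export")
    s.grant("admin", "file1", "X", {"read", "write"})
    direct = s.permitted("Y", "file1", "read")   # False: the policy on file1 is sound
    s.run("X", trojan)                           # X runs Y's program with X's rights
    return direct, s.read("Y", "file2")          # Y reads a copy: "payroll export"


if __name__ == "__main__":
    print(demo_mary())
    print(demo_trojan())
```

Nothing in the ACL on file1 was wrong: the leak happens because the enforcement point only asks "who is the subject?" and never "what is this program supposed to need?". Running the same program as the owner of every object (an administrator) hands the attacker a copy of everything, which is the case the text warns about.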
Mandatory Access Control (MAC)
In the Mandatory Access Control (MAC) model, access control is maintained centrally by the administrator. The administrator defines a policy, which users cannot modify, and this policy indicates which subject has access to which object. This access control model can increase the level of security, because it is based on a policy that does not allow any operation that is not specifically authorized, regardless of what the owner of an object would like to permit.
In the original MAC model, access rights were granted according to numeric access levels: each subject has a level, and each object is labeled with a level. For example, the administrator has level 65535, Mary level 100 and Guest level 1. There are two files: file1 has level 2 and file2 level 200. Only the administrator can access both files; Mary can access only file1; Guest can access neither. The level of the subject has to be equal to or higher than that of the object it wants to access. Obviously, using this early MAC model alone, without discretionary access control, produces a problem: someone with level 2000 is able to delete or alter every file with a lower level.
There is a solution to this, as well as to the main vulnerability in DAC, called Multi-Level Security (MLS). MLS, typically used in military environments, adds an extra security layer to each object by using labels (e.g. "top secret", "secret", "confidential", and "unclassified"). In addition to the mechanisms described above, only subjects at the same layer or a higher one can read an object; for writing, MLS applies the opposite rule ("no write down", from the Bell-LaPadula model): a subject may not write to an object at a lower layer. This second rule is what stops the level-2000 subject from altering lower-level files, and it is also what stops a Trojan horse running with a high-level user's rights from copying that user's data to an object a lower-level attacker can read. Access is further restricted on a "need to know" basis, an application of the principle of least privilege: users can only access the objects they need to do their job.
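The numeric-level check and the MLS rules above, in Python as an added example that is not part of the original article. The user names, numeric levels and label values are constructed. It goes beyond the text in one way: each label also carries a set of need-to-know categories (compartments), so a subject must hold both a sufficient level and every category of the object, which is how "need to know" is enforced in MLS systems.

```python
"""Mandatory access control: numeric levels, then MLS labels with the two
Bell-LaPadula rules (no read up, no write down).

Added example, not code from the original article.  User names, numeric levels,
label names and category names are constructed for illustration.
"""
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Label:
    level: int
    categories: frozenset = frozenset()   # need-to-know compartments

    def dominates(self, other: "Label") -> bool:
        """A label dominates another if its level is at least as high and it
        holds every category the other holds."""
        return self.level >= other.level and self.categories >= other.categories


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property (no read up): the subject must dominate the object."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property (no write down): the object must dominate the subject, so a
    high-level subject, or a Trojan horse running as it, cannot push data downward."""
    return obj.dominates(subject)


# The article's numeric example, plus the problematic level-2000 subject.
USERS = {"administrator": Label(65535), "mary": Label(100),
         "guest": Label(1), "level2000": Label(2000)}
FILES = {"file1": Label(2), "file2": Label(200)}


def readable_files(user: str) -> set:
    """Files the user may read under the level ordering (subject level >= object level)."""
    return {f for f, lab in FILES.items() if can_read(USERS[user], lab)}


def writable_files(user: str) -> set:
    """Files the user may write under no-write-down; the level-2000 subject gets none."""
    return {f for f, lab in FILES.items() if can_write(USERS[user], lab)}


# MLS labels for the Trojan-horse scenario from the DAC section.
LEVEL = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


def all_labels(categories=("nuclear", "crypto")):
    """Enumerate every label over the known levels and category subsets."""
    cats = list(categories)
    subsets = [frozenset(c) for r in range(len(cats) + 1)
               for c in combinations(cats, r)]
    return [Label(lvl, s) for lvl in LEVEL.values() for s in subsets]


def trojan_can_leak(victim: Label, attacker: Label) -> bool:
    """Can a program running with the victim's label write something the attacker
    can read?  That needs a target label the victim may write AND the attacker may
    read; under no-read-up plus no-write-down this exists only if the attacker
    already dominates the victim (and could then read the data directly anyway)."""
    return any(can_write(victim, target) and can_read(attacker, target)
               for target in all_labels())


if __name__ == "__main__":
    for u in USERS:
        print(u, "reads", sorted(readable_files(u)), "writes", sorted(writable_files(u)))
    secret, unclassified = Label(LEVEL["secret"]), Label(LEVEL["unclassified"])
    print("leak secret -> unclassified:", trojan_can_leak(secret, unclassified))
    print("leak secret/nuclear -> secret without nuclear:",
          trojan_can_leak(Label(2, frozenset({"nuclear"})), secret))
```

Two things worth noticing when running it. The no-write-down rule as written permits a low subject to write to a higher object without being able to read it back (a "blind write up"); real MLS systems usually combine the label check with a DAC check so that such writes still require an ACL entry, which is the combination the text describes. And the category check shows why "need to know" is more than level ordering: a "secret" subject without the "nuclear" category cannot receive "secret, nuclear" data from a Trojan either, because no label is both writable by the victim and readable by that subject.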