Access control models define the policies and mechanisms that determine how subjects (users, processes) interact with objects (files, systems, data). For the CISSP exam, access control models are tested at the conceptual level: understanding who controls access in each model, what the security properties are, what the risks are, and which model is most appropriate for a given scenario. Domain 5 frequently presents scenarios and asks candidates to identify the model in use or recommend the most appropriate model.
Discretionary Access Control (DAC)
In Discretionary Access Control, the owner of a resource controls who can access it and what permissions they have. Access decisions are at the discretion of the resource owner — hence the name.
In a DAC system, when a user creates a file, they automatically become its owner and can grant or revoke access for any other user. Unix/Linux file permissions (chmod) and Windows NTFS permissions are classic examples of DAC.
Security properties of DAC: flexibility and ease of use. Owners can share resources without requiring administrator intervention. Risk: DAC is vulnerable to Trojan horse attacks. A malicious program running in the context of a legitimate user can access any resource that user can access, because access decisions are based on the user's identity (who you are), not on the trustworthiness of the program. DAC also creates the risk of accidental oversharing: an owner may inadvertently grant broader access than intended.
DAC is the most common access control model in commercial operating systems because it is practical and user-friendly. Its risks are managed through security awareness, data loss prevention (DLP), and monitoring.
For the exam: DAC = owner-controlled access. The data owner decides who can access their data. The key risk is Trojan horses and accidental oversharing.
Mandatory Access Control (MAC)
In Mandatory Access Control, access decisions are made by the system based on labels applied to subjects and objects — not by the resource owner. The owner cannot override the mandatory access policy.
In a MAC system, each subject is assigned a clearance level (for example, Top Secret) and each object is assigned a classification label (for example, Secret). The system enforces rules that determine whether a subject with a given clearance can access an object with a given label. These rules are typically based on a formal security model like Bell-LaPadula (for confidentiality) or Biba (for integrity).
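To make the contrast between the two models concrete, here is a small Python simulation (an added example, not part of the original guide) of a toy reference monitor: an owner-controlled DAC store in which code running as the owner can share a file with anyone, beside a label-based MAC check in Bell-LaPadula style that the owner cannot override. All users, clearances, labels and file names are constructed for illustration.

```python
# Added example: a toy reference monitor contrasting DAC and MAC decisions.
# All users, clearances, labels and file names are constructed for illustration.
from dataclasses import dataclass, field

LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}

@dataclass
class DacFile:
    owner: str
    readers: set = field(default_factory=set)

class DacSystem:
    """Owner-controlled: whoever owns an object grants or revokes access to it."""
    def __init__(self):
        self.files = {}
    def create(self, user, name):
        self.files[name] = DacFile(owner=user, readers={user})
    def grant_read(self, actor, name, grantee):
        f = self.files[name]
        if actor != f.owner:
            return False  # only the owner may change permissions
        f.readers.add(grantee)
        return True
    def can_read(self, user, name):
        return user in self.files[name].readers

class MacSystem:
    """Label-based, Bell-LaPadula style: no read up, no write down.
    There is deliberately no grant operation: owners cannot override labels."""
    def __init__(self, clearance, labels):
        self.clearance, self.labels = clearance, labels
    def can_read(self, user, name):
        return LEVELS[self.clearance[user]] >= LEVELS[self.labels[name]]
    def can_write(self, user, name):
        return LEVELS[self.clearance[user]] <= LEVELS[self.labels[name]]

def dac_trojan_demo():
    """A program running as alice inherits her ownership rights, so it can
    quietly share her file with mallory; the DAC policy permits this."""
    s = DacSystem()
    s.create("alice", "plan.txt")
    s.grant_read("alice", "plan.txt", "mallory")  # issued by code running as alice
    return s.can_read("mallory", "plan.txt")      # True
def mac_demo():
    """Label checks that hold regardless of who owns the file."""
    m = MacSystem(clearance={"alice": "Secret", "bob": "Confidential"},
                  labels={"plan.txt": "Secret", "memo.txt": "Unclassified"})
    return {"bob_reads_secret": m.can_read("bob", "plan.txt"),        # False: no read up
            "alice_reads_memo": m.can_read("alice", "memo.txt"),      # True
            "alice_writes_memo": m.can_write("alice", "memo.txt")}    # False: no write down
```

The "no write down" result is what limits a Trojan horse under MAC: code running with alice's Secret clearance cannot copy plan.txt into an Unclassified object, whereas under DAC nothing prevents the same code from handing out read access.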