Discretionary Access Control / Date:
Start time:

This activity explores Discretionary Access Control.

You may find it easier to sketch some answers on a separate piece of paper, and use that to come up with your report.

Before you start, complete the form below to assign a role to each member.

If you have 3 people, combine Manager & Reflector.

Time: / Date:
Team Roles / Team Member
Recorder: records all answers & questions, and provide copies to team & facilitator (instructor)
Speaker: Talk to facilitator and other teams
Manager: keeps track of time and makes sure everyone contribute appropriately
Reflector: considers how the team could work and learn more effectively

Discretionary Access Control Activity

Definition and HRU Model (40 minutes)

Define Discretionary Access Control:

List the common Advantages and Disadvantages of DAC:

Advantages / Disadvantages

The Harrison-Ruzzo-Ullman (HRU) Model introduced a few important concepts. Describe these concepts and their importance to DAC.

The HRU Model is designed on the concept of states. What is meant when a state is considered “safe”.

Discuss with your group and come up with an example of an unsafe protection system based on the HRU system of states:

For the following questions study the following commands:

Assume you have a protection system that uses the previous commands. Can you consider the protection system safe or unsafe? Why?

Explain the principle of economy of mechanisms pertaining to protection system security.

Activity 1: DAC Model (20 minutes)

Under Discretionary Access Control the owner of the object directly controls the propagation of privileges and access of the object.

A DAC policy can be viewed easily as a table denoting which privileges each of the users possess.

User / object1 / object2 / object3
Bob / r, w / r, w / r
Alice / r, w
Eve / r, w

Critical Thinking Questions:

  1. Given the policy above would the user Eve be able to gain characteristics about object1 (file size, file name, directory …)?
  1. If Bob is not the owner of object2, but he has read and write capabilities is he able to share his access with the user Alice?
  1. What is the idea of least privilege, and can it easily be implemented in the DAC Model?
  1. What three things are used to create an Access Control Model?

Activity 2: Use Case (15 minutes)

Situation: The network administrator at XYZ Inc. has created a group account with the main objective of identifying niche markets in the environment. The group includes the following members:

Name / Department
John Johnson / Marketing
Joey Doe / Sales
William Johns / Marketing
Elaine Smith / Management

The network administrator needs to set up a system to handle privileges in the group while allowing group members to function properly.

Critical Thinking Questions:

  1. Discuss with your group and come up with how the network administrator can apply the discretionary access model to the group.
  1. Look over your answer for Question #1 and describe any potential problems or weaknesses that could be encountered.

Activity 3: Vulnerabilities in DAC (30 minutes)

Assume that the user Bob as full access to the database object Grades.

In this situation Bob can both read and write to the database, but cannot grant access to other users.

Critical Thinking Questions:

  1. What type of attack consists of a user Eve gaining access to the database Grades using software infected with malicious code?
  1. How can the attack explained in Question 1 be prevented?
  1. What are other vulnerabilities that are inherent to DAC?
  1. Give an example of how the lack of control over the flow of information can be exploited in a DAC system.