DAC和MAC之间的区别
1. 数模转换器:
DAC 是基于身份的访问控制。 DAC 机制将由用户标识(如用户名和密码)控制。 DAC 是自行决定的,因为所有者可以将对象或任何经过身份验证的信息转移给其他用户。简单来说,所有者可以确定访问权限。
DAC的属性——
- 用户可以将他们的对象所有权转让给另一个用户。
- 其他用户的访问类型可以由用户自己决定。
- 多次尝试失败后,授权失败会限制用户访问。
- 未经授权的用户将对文件大小、目录路径和文件名等对象特征视而不见。
示例- 允许 Linux 文件操作系统是 DAC 的一个示例。
2. MAC:
MAC 中的操作系统将根据用户的身份和数据为用户提供访问权限。为了获得访问权限,用户必须提交他们的个人信息。这是非常安全的,因为规则和限制是由管理员施加的,并且会被严格遵守。 MAC 设置和策略管理将建立在一个安全的网络中,并且仅限于系统管理员。
MAC的属性——
- MAC 策略有助于减少系统错误。
- 它具有更严格的安全性,因为只有管理员才能访问或更改控件。
- MAC 有一个强制操作系统,可以标记和描述传入的应用程序数据。
- 维护会很困难,因为只有管理员才能访问数据库。
示例- 普通用户、管理员和来宾的 Windows 访问级别是 MAC 的一些示例。
DAC 和 MAC 的区别:DAC
MAC
DAC stands for Discretionary Access Control. MAC stands for Mandatory Access Control. DAC is easier to implement. MAC is difficult to implement. DAC is less secure to use. MAC is more secure to use. In DAC, the owner can determine the access and privileges and can restrict the resources based on the identity of the users. In MAC, the system only determines the access and the resources will be restricted based on the clearance of the subjects. DAC has extra labor-intensive properties. MAC has no labor-intensive property. Users will be provided access based on their identity and not using levels. Users will be restricted based on their power and level of hierarchy. DAC has high flexibility with no rules and regulations. MAC is not flexible as it contains lots of strict rules and regulations. DAC has complete trust in users. MAC has trust only in administrators. Decisions will be based only on user ID and ownership. Decisions will be based on objects and tasks, and they can have their own ids. Information flow is impossible to control. Information flow can be easily controlled. DAC is supported by commercial DBMSs. MAC is not supported by commercial DBMSs. DAC can be applied in all domains. MAC can be applied in the military, government, and intelligence. DAC is vulnerable to trojan horses. MAC prevents virus flow from a higher level to a lower level.