[Instructor] In a discretionary access control model each resource has a clearly identified owner. For example, a user creating a file becomes the owner of that file. The owner of a resource can decide at his discretion to allow other users or subjects access to that resource. The owner's discretion is the main characteristic of discretionary access control. Now, the owner in fact, when assigning a permission, should comply with the organization's security policy. However, security policy compliance is not enforced by the operating system or any other entity. It's actually enforced by the user itself. So when the owner allows access to a different user, they will also set the permissions, for example, to read, write, or execute, for that specific resource to the user. And now, in a discretionary access model users can be organized in groups as well. The owner can grant access to a resource to the entire group instead of the actual individual user. Also, permission attributes will be assigned to a resource for that specific group.

Now, a simple way to implement discretionary access control is an access control list, which is actually associated to each object. Now, most modern operating systems today, both open source and commercial operating systems, implement a form of discretionary access control model. In this example, I'm showing four files in a Mac OS X system, but this will be the same in a Linux system as well. So as you can see, I'm the owner of all files. And I also belong to the staff group, and also each of the files has its own permissions. Now, if you're not familiar with Linux permissions, I include a link to a website that explains them in detail here. One of the prerequisites of this exam, of the executive fundamentals exam, is that you are familiar with the Linux operating system and also the file system, and the permissions of the file system. So, I definitely urge you and suggest that you actually read this article or this website if you're not familiar with Linux permissions. Now, going back to discretionary access control.

One of the drawbacks of using a discretionary access control model is that the security policy is left to the discretion of the data owner. And then the data security administration has actually limited access control over it. Additionally, with the number of subjects, so that means users, processes, programs, et cetera, accessing a large number of objects, maintaining the permissions by respecting the need to know and the least privilege becomes a complex administration task. So, there's a concept of privilege creep, and privilege creep, otherwise known as authorization creep, describes an issue that actually happens fairly frequently in large organizations. And this issue is that privileges that are being assigned to users are never revoked when the user does not need them anymore, or even if the user actually leaves the organization. And this definitely goes against the need to know principle, as well as the least privilege principle. There are a few key concepts related to the discretionary access control model.

The first one is that discretionary access controls are controls where authorization is decided by the owner of the object, and also in a discretionary access control system access permissions are associated to the object itself. And lastly, access control is usually enforced with access control lists.
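The three key concepts above (owner-decided authorization, permissions attached to the object, enforcement through an ACL) and the privilege creep problem, as an added Python model that is not part of the lecture or its course material; the group names, users and file names are constructed for illustration:

```python
"""Minimal discretionary access control (DAC) model with a per-object ACL.

Constructed example: every object has an owner, only the owner may change
the object's ACL, and subjects may be individual users or groups.  An
audit routine then flags privilege creep: ACL entries that still name a
user who has left the organization and was never revoked."""
from dataclasses import dataclass, field


@dataclass
class Obj:
    name: str
    owner: str
    acl: dict = field(default_factory=dict)   # subject -> set of "r"/"w"/"x"


class DAC:
    def __init__(self, groups, active_users):
        self.groups = groups                  # group name -> set of member users
        self.active = set(active_users)       # users still in the organization
        self.objects = {}

    def create(self, user, name):
        # The creating user becomes the owner and receives full rights.
        self.objects[name] = Obj(name, user, {user: {"r", "w", "x"}})

    def grant(self, actor, name, subject, perms):
        obj = self.objects[name]
        # Discretion lies with the owner; nobody else may edit the ACL.
        if actor != obj.owner:
            raise PermissionError(f"{actor} does not own {name}")
        obj.acl.setdefault(subject, set()).update(perms)

    def revoke(self, actor, name, subject):
        obj = self.objects[name]
        if actor != obj.owner:
            raise PermissionError(f"{actor} does not own {name}")
        obj.acl.pop(subject, None)

    def check(self, user, name, perm):
        """Access is allowed if the user, or any group they belong to, holds perm."""
        obj = self.objects[name]
        subjects = {user} | {g for g, members in self.groups.items() if user in members}
        return any(perm in obj.acl.get(s, ()) for s in subjects)

    def audit_creep(self):
        """Return (object, user) pairs whose ACL entry names a departed user."""
        return sorted((o.name, s) for o in self.objects.values()
                      for s in o.acl if s not in self.groups and s not in self.active)
```

The audit only catches departed users; permissions a current user no longer needs still require a periodic review against need to know.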