Access Control Models Requiring Security Clearance | SSCP Exam Preparation

Access Control Models Requiring Security Clearance

Question

Which of the following access control models requires security clearance for subjects?

Answers

Explanations

A. B. C. D.

D.

With mandatory access control (MAC), the authorization of a subject's access to an object is dependent upon labels, which indicate the subject's clearance.

Identity-based access control is a type of discretionary access control.

A role-based access control is a type of non-discretionary access control.

Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 33).

Access control models are security mechanisms that allow administrators to control who has access to which resources in a system. The four main access control models are identity-based access control (IBAC), role-based access control (RBAC), discretionary access control (DAC), and mandatory access control (MAC).

Out of these four models, the access control model that requires security clearance for subjects is Mandatory access control (MAC).

Mandatory access control (MAC) is a security model that is used to control access to resources based on the sensitivity of the resource and the clearance level of the subject. In MAC, the system administrator assigns a security label to each resource and each user. The security label defines the sensitivity of the resource and the clearance level of the user.

In a MAC system, the access decisions are made based on the security labels of the resource and the user. The system enforces a set of rules that specify which users are allowed to access which resources based on their clearance level.

In contrast to MAC, the other three access control models do not require security clearance for subjects.

Identity-based access control (IBAC) is a security model that controls access to resources based on the identity of the user. In IBAC, each user is assigned a unique identity, such as a username or an email address. Access decisions are made based on the identity of the user.

Role-based access control (RBAC) is a security model that controls access to resources based on the role of the user. In RBAC, each user is assigned a role, such as manager or employee. Access decisions are made based on the role of the user.

Discretionary access control (DAC) is a security model that controls access to resources based on the discretion of the resource owner. In DAC, each resource has an owner who can decide who has access to the resource.

In summary, Mandatory access control (MAC) is the access control model that requires security clearance for subjects. In MAC, access decisions are based on the sensitivity of the resource and the clearance level of the user. The other three access control models, Identity-based access control (IBAC), Role-based access control (RBAC), and Discretionary access control (DAC), do not require security clearance for subjects.
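The comparison above can be run as code. The following is an added example, not part of the original page or the cited book: it evaluates the same request under MAC, DAC (which covers identity-based control) and RBAC, and shows that an owner's grant changes the DAC result but never the MAC result. The label ordering, the "clearance at least equal to sensitivity" rule, and all names (`alice`, `bob`, `owner_grant`, `decide`) are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed label ordering (assumption): a higher number is more sensitive.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

@dataclass
class Subject:
    name: str
    role: str
    clearance: str  # administrator-assigned label, consulted only by MAC

@dataclass
class Resource:
    owner: str
    classification: str  # administrator-assigned label, consulted only by MAC
    acl: set = field(default_factory=set)            # identities the owner allowed (DAC)
    allowed_roles: set = field(default_factory=set)  # roles permitted (RBAC)

def mac_allows(s: Subject, r: Resource) -> bool:
    # Assumed rule: clearance must be at least the resource's sensitivity.
    return LEVELS[s.clearance] >= LEVELS[r.classification]

def dac_allows(s: Subject, r: Resource) -> bool:
    # Identity-based: the owner, or an identity the owner placed on the ACL.
    return s.name == r.owner or s.name in r.acl

def rbac_allows(s: Subject, r: Resource) -> bool:
    return s.role in r.allowed_roles

def owner_grant(granter: Subject, r: Resource, grantee: Subject) -> None:
    # DAC delegation: only the owner can extend the ACL; labels never change here.
    if granter.name != r.owner:
        raise PermissionError(f"{granter.name} does not own this resource")
    r.acl.add(grantee.name)

def decide(s: Subject, r: Resource) -> dict:
    return {"MAC": mac_allows(s, r), "DAC": dac_allows(s, r), "RBAC": rbac_allows(s, r)}

def demo() -> dict:
    # Constructed subjects and resource.
    alice = Subject("alice", "manager", "secret")
    bob = Subject("bob", "employee", "confidential")
    report = Resource(owner="alice", classification="secret", allowed_roles={"manager"})
    before = decide(bob, report)
    owner_grant(alice, report, bob)  # the owner uses her discretion
    return {"alice": decide(alice, report), "bob_before": before, "bob_after": decide(bob, report)}

if __name__ == "__main__":
    for who, result in demo().items():
        print(who, result)
```

Only `mac_allows` reads the `clearance` field, which is why MAC is the model that requires subjects to hold a clearance.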