Final answer:
MAC is an access control model that enforces access based on labels and a centralized policy, typically used in high-security environments like military, whereas DAC allows resource owners to set permissions, offering more flexibility and common use in civilian settings.
Step-by-step explanation:
Differences Between MAC and DAC
The differences between Mandatory Access Control (MAC) and Discretionary Access Control (DAC) pertain to how access to system resources is managed and enforced. The correct answer to the question is A: MAC enforces access based on labels, while DAC is based on user permissions. In more detail:
- MAC (Mandatory Access Control): This model assigns labels to system resources and grants access based on security clearances and a centralized policy. It is known for its rigidity and is commonly used in environments that require a high level of security, such as military or government organizations. Unlike what option B suggests, MAC is less flexible because it doesn't allow individual users to change permissions.
- DAC (Discretionary Access Control): DAC allows the resource's owner to determine who can access it. In contrast to option D, DAC does, in fact, allow users to control access to their data rather than restricting it by default. DAC is considered to be more flexible and is commonly used in civilian settings.
Option C inaccurately states the environments in which MAC and DAC are used. It's MAC that's primarily used in military environments due to its enforcement of security policies without users' discretion, and DAC is widely used in civilian settings. Therefore, C is incorrect.