For a long time, we have been controlling access to files and applications at our computers using Discretionary Access Control (DAC). Usually, this approach looks like a combination of a user with restricted privileges having access to a number of strictly defined resources (files, applications, etc.) and an administrator with full access to all system resources.

Generally, this approach seems to be mostly sufficient, and — for users — sometimes even excessive, which is confirmed by a great number of users working with administrator privileges at their computers. Continue reading →