I'm currently writing my bachelors thesis about the different approaches for authorization. Before I explain the actual implementations of RBAC or ABAC i want to explain DAC and MAC. But in various papers i find pretty much conflicting information.
Most of the times I read that DAC and MAC are just strategies on which acutal implementations are built on. DAC means the subject/owner decides what to do with their rights to a object and MAC implements System-Wide policies which the end-user cannot control.
So far so good, but on multiple occasions I read "Bell-LaPadula is a implementation of MAC" and "[...] MAC is a better implementation than ABAC [...]".
Furthermore I couldnt find any example definition of an actual MAC implementation, which further emphasised, that MAC cannot be implemented on its own.
I also found that multi-level-security being used synonymusly with MAC, but I was under the assumption, that MLS adds the Classifactions and Clearances and builds upon MAC.
I hope someone could get me some insight what DAC,MAC and MLS actually are. Even better if you could give me a source which I can cite :)