I don't think there is a way to control attach/detach permissions via passwords. The ability to attach a database requires CREATE DATABASE, CREATE ANY DATABASE, or ALTER ANY DATABASE permission; and once a login has that permission they can attach.
It is an unusual business scenario where end users need to attach and detach databases. Can you describe the business problem that you are trying to solve via this approach? There may be better/more secure alternatives.
You are correct; this is a very unusual problem. The application is desktop base and using SQL 2008 at the backend. Sometimes a user turnoff the SQL service, copy the database files. Then attach the database in a different server, modify data, copy the modified database files back to the server.