
Access Control

Defined as a series of mechanisms that specify what users can do, which resources they can access, and what operations they can perform on a system, as well as identifying users by verifying various login credentials

  • It also allows managers of a system to direct or restrain the behaviour, use and content of a system

Three Main Access Control Functions

Identification

  • A method of establishing the subject's identity (ex: usernames, user IDs, etc.)

  • The method usually should be non-descriptive of the user's position or task

Authentication

  • A method of proving the claimed identity of an entity that has previously identified itself

Authorization

  • A process that determines what level of clearance and access the authenticated user has within the system and over the data that they requested to log into or gain access to

Types of Access Control

Discretionary Access Control (DAC)

  • A system that uses discretionary access control allows the owner of the resource to specify which subjects can access which resources (access control is at the discretion of the owner of the resource)

Mandatory Access Control (MAC)

  • Access is based on a security labelling system, meaning users have security clearances and resources have security labels that contain data classifications

  • This model is used in environments where information classification and confidentiality are very important

Non-Discretionary Role-Based Access Control (RBAC)

  • Uses a centrally administered set of controls to determine how subjects and objects interact

  • It is the best known system for an organization that has a high turnover

Access Control Mechanisms

Takes as input security policies and attempted actions, and outputs an accept or reject response on that action

  • The security policy that goes into an access control mechanism defines what a subject (an entity that's requesting access) is allowed to do, and/or what may be done with an object (ex: data files, software, hardware, devices, etc. that may contain important data)

Role Based Access Control (RBAC)

  • RBAC uses a centrally administered set of controls to make access control decisions

  • In a given organization, subjects can have one or more roles, as well as share roles with other subjects, and these roles come with tasks that they must perform

  • A subject in a given role requires access to certain objects in order to complete their tasks

    • Therefore, in this access control method, the role or roles that a subject is assigned matters more in access control decisions than their identity

  • RBAC is ideal for institutions that experience a lot of churn and internal movements since roles can provide a way to reassign authorization to objects very quickly

Content Dependent Access Control (CDAC)

  • A method of performing access control based on the type of content contained in an object

  • Access control decisions are content dependent

Context Based Access Control (CBAC)

  • An access control method based on the context of a subject's request to an object

  • This method requires more information in order to make a decision (ex: the subject's identity, the object that they're requesting access to, the object's content type, etc.)

Constrained User Interfaces (CUI)

  • A method of enforcing access control by constraining the user interface used to get access

    • This can be done by not allowing certain types of access on the interface, or not including the ability to request certain types of access or objects

  • Three major types of constrained UIs

    • Menus and shells

    • Database views

    • Physically constrained interfaces

Access Control Matrix (ACM)

  • A method used to represent permissions and privileges within a system through a table of subjects and objects

    • Every row represents different subjects

    • Every column represents different objects

      • A subject in a system can also be accessed as an object; for this to be represented, any subject that can be accessed by other subjects must also be listed as an object

    • Every individual cell specifies the access rights that the row's subject has on the column's object (read, write, execute, append and own)

    • Cons

      • ACMs can grow very large very quickly (Solution: ACLs)
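The access control mechanism and the access control matrix described above, as an added example that is not part of the original notes: it stores only the non-empty cells, makes accept/reject decisions with default deny, and converts the matrix into per-object ACLs. The subject names, object names and policy are constructed for illustration.

```python
from collections import defaultdict

RIGHTS = {"read", "write", "execute", "append", "own"}

# Constructed sample policy: (subject, object) -> rights. Empty cells are omitted.
# "bob" is also listed as an object because alice holds a right over that subject.
MATRIX = {
    ("alice", "payroll.db"): {"own", "read", "write"},
    ("alice", "bob"): {"read"},
    ("bob", "payroll.db"): {"read"},
    ("bob", "report.txt"): {"own", "read", "append"},
    ("backup", "payroll.db"): {"read"},
}

def validate(matrix):
    """Refuse a policy that uses a right outside the five listed in the notes."""
    for cell, rights in matrix.items():
        unknown = rights - RIGHTS
        if unknown:
            raise ValueError(f"{cell}: unknown rights {sorted(unknown)}")

def check(matrix, subject, obj, right):
    """Mechanism: policy plus attempted action in, accept/reject out.
    A missing cell grants nothing (default deny)."""
    return "accept" if right in matrix.get((subject, obj), set()) else "reject"

def to_acls(matrix):
    """Store the matrix column by column: one ACL per object that lists
    only the subjects whose cell is non-empty."""
    acls = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        if rights:
            acls[obj][subject] = set(rights)
    return dict(acls)

def check_acl(acls, subject, obj, right):
    """Same decision as check(), made from the object's ACL."""
    return "accept" if right in acls.get(obj, {}).get(subject, set()) else "reject"

def dense_cells(matrix):
    """Number of cells a full table needs: |subjects| x |objects|."""
    subjects = {s for s, _ in matrix}
    objects = {o for _, o in matrix}
    return len(subjects) * len(objects)

validate(MATRIX)
ACLS = to_acls(MATRIX)
if __name__ == "__main__":
    print(check(MATRIX, "bob", "payroll.db", "write"))
    print(dense_cells(MATRIX), "table cells vs", len(MATRIX), "stored entries")
```

The full table grows with the product of subjects and objects, while the ACL form grows only with the number of rights actually granted.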
