Access Control (access control attacks (replay, spoofing attack, trojan…
Access Control
Definition
a process by which use of system resources is regulated according to a security policy and is permitted only by authorized entities according to that policy
access controls are security features that control how people can interact with systems and resources.
Model/Policy
DAC
control access based on the identity of the requestors and on access rules (authorization) stating what requestors are (or are not) allowed to do
the owner or creator of a resource specifies which subjects have which access to the resource. Based on the discretion of the data owner.
in DAC, information may be accessed by unauthorized users because there is no control on copies of objects.
commonly implemented in commercial products (Windows, Linux, Mac OS)
MAC
control access based on comparing security labels (which indicate how sensitive or critical system resources are) with security clearances (which indicate which system entities are eligible to access certain resources)
MAC deals with information flow and solves this problem by attaching security levels on both users and objects.
all users are required to obtain certain clearance to access objects. Security labels propagate to derivative objects including copies.
users and data are given a clearance level (confidential, secret, top secret, etc.)
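Added example (not part of the original notes): a toy model of the DAC and MAC notes above, showing how a copy escapes the owner's ACL under DAC while a copy keeps its label under MAC. All class and function names, the users and the data are constructed for illustration. Only the read check and label inheritance are modelled.

```python
from dataclasses import dataclass, field

# Ordering assumed from the levels named in the notes above.
LEVELS = {"confidential": 1, "secret": 2, "top secret": 3}

@dataclass
class DacObject:
    owner: str
    data: str
    acl: set = field(default_factory=set)  # readers chosen by the owner

def dac_read(user, obj):
    if user != obj.owner and user not in obj.acl:
        raise PermissionError(f"{user} is not on the ACL")
    return obj.data

def dac_copy(user, obj):
    # The reader owns the copy, so its ACL is now at the reader's discretion.
    return DacObject(owner=user, data=dac_read(user, obj))

@dataclass
class MacObject:
    label: str
    data: str

def mac_read(clearances, user, obj):
    if LEVELS[clearances[user]] < LEVELS[obj.label]:
        raise PermissionError(f"{user} lacks clearance for {obj.label}")
    return obj.data

def mac_copy(clearances, user, obj):
    # The system labels the copy; it inherits the source's label.
    return MacObject(label=obj.label, data=mac_read(clearances, user, obj))

def demo():
    """Return (carol_reads_dac_copy, carol_reads_mac_copy) for constructed data."""
    original = DacObject("alice", "payroll", {"bob"})   # alice shares with bob only
    copy = dac_copy("bob", original)
    copy.acl.add("carol")                               # bob re-shares his copy
    dac_leak = dac_read("carol", copy) == "payroll"

    clearances = {"bob": "secret", "carol": "confidential"}
    labelled_copy = mac_copy(clearances, "bob", MacObject("secret", "payroll"))
    try:
        mac_read(clearances, "carol", labelled_copy)
        mac_leak = True
    except PermissionError:
        mac_leak = False
    return dac_leak, mac_leak

if __name__ == "__main__":
    print(demo())
```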
RBAC
Role-based access control (RBAC): control access based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles.
the relationship of users to roles is many to many, as is the relationship of role requires different sets of permissions and large number of roles have to be defined.
ABAC
Controls access based on attributes of the user, the resources to be accessed and current environmental conditions.
elements
attributes, which are defined for entities in a configuration.
a policy model, which defines the ABAC policies.
the architecture model, which applies to policies that enforce access control.
Illustration: The access control mechanism is governed by a set of rules (2a) that are defined by a preconfigured access control policy. Based on these rules, the access control mechanism assesses the attributes of the subject (2b), object (2c) and current environmental conditions (2d) to determine authorization.
An attribute is a property expressed as a name:value pair associated with any entity in the system, including users, subjects and objects, and even attributes themselves. Appropriate attributes can capture identities and access control lists (DAC), security labels, clearances and classifications (MAC) and roles (RBAC).
Function
Identification
identifies a user uniquely (hopefully) - SSN, UID, SID, username: who am I?
Authentication
verification that the credentials of a user or other system entity are valid: Authentication - prove that I am who I say I
Authorization
the granting of a right or permission to a system entity to access a system resource. This function determines who is trusted for a given purpose: Authorization - now what am I allowed to access?
Definition
as the central element of computer security. All of computer security is concerned with access control.
The principal objectives of computer security are to prevent unauthorized users from gaining access to resources, to prevent legitimate users from accessing resources in an unauthorized manner and to enable legitimate users to access resources in an authorized manner.