Please enable JavaScript.
Coggle requires JavaScript to display documents.
NIST - Assessment of Access Control Systems - Coggle Diagram
NIST - Assessment of Access Control Systems
Capabilities and Limitations of Access Control for Distributed System
Access Rules
Centralized Control
User Grouping by Roles
Limitations for Distributed Systems
Overview of Access Control
Concepts
Access Control List (ACL)
Access Control Matrix
Permission (Privilege)
Separation of Duty (SOD)
Operation
Safety
Subject
Domain and Type Enforcement
Object
Policies, Models, and Mechanisms
Non-Discretionary Access Control
Role-based Access Control
Temporal Constraints
Mandatory Access Control (MAC)
Workflow
Discretionary Access Control
Chinese Wall
Capabilities and Limitations of Access Control Mechanisms
Capability List and Limitations
Role-Based Access Control and Limitations
Statically Constrained
Dynamically Constrained
Hierarchical
Core
permissions
operations
roles
objects
users
Protection Bits and Limitations
Rule-Based Access Control and Limitations
Access Control List and Limitations
XML-Based Access Control Languages and Limitations
Safety Limitations
Achieving Safety
Restricted Access Control Model for Safety
Constraints for Safety
Separation of Duty and Safety
Static Separation of Duty (SSOD)
Dynamic Separation of Duty (DSOD)
Quality Metric for Access Control Systems
The horizontal scope (across platforms and applications) of control in which users and
resources are regulated under an access control policy
The vertical scope (between application, DBMS, and OS) of control
The degree to which an access control system is adaptable to the implementation and
evolution of access control policies
Support for safety
Number of relationships required to create an access control policy
The degree of freedoms for AC management
Support for separation of duty
Performance of AC enforcement
The degree to which an access control system supports the concept of least privilege
Policy conflicts that the access control system can resolve or prevent
The steps required for assigning and dis-assigning object access control entries into the
system
Flexibilities of configuration into existing systems: microkernel, application, or
client/server
The steps required for assigning and dis-assigning user capabilities into the system
Capabilities of policy encapsulation for policy combination, composition, and
constraint
This section presents a quality metric for access control systems based on the configurable features and limitations of the implemented mechanism. More works need to be done for applying the metric to any specific access control systems; however, the metric can be used when considering and comparing the properties for current configuration with future expansion of an access control system.