Access Control

  • Writer: Abhilasha
  • Jul 13, 2024

Identification, Authentication, and Authorization

  1. Identification: This is the process where a user declares their identity. It uniquely identifies a user or application within a system.

  2. Authentication: The process of verifying that the user is indeed who they claim to be. This is typically done through something the user knows (passwords), has (smart cards), or is (biometrics).

  3. Authorization: Determines what actions a user is allowed to perform. It specifies access rights and privileges to system resources based on the authenticated identity.

Multifactor Authentication (MFA)

MFA enhances security by requiring two or more verification factors before granting access. It combines elements like something the user knows, has, or is, reducing the likelihood of successful cyber attacks.

Access Control Models

  1. Discretionary Access Control (DAC):

  • Access is based on the identity of the requester and access rules.

  • Typically implemented using access control lists (ACLs) or capability tickets.

  2. Mandatory Access Control (MAC):

  • Access decisions are based on comparing security labels with security clearances.

  • Designed to enforce confidentiality and integrity policies.

  3. Role-Based Access Control (RBAC):

  • Access is based on the roles that users assume within the organization.

  • Users are assigned roles, and roles are assigned permissions.

  • Supports the principle of least privilege and simplifies management of permissions.

  4. Attribute-Based Access Control (ABAC):

  • Access decisions are based on attributes of the subject, object, and current environment.

  • Provides flexibility and granularity in access control, especially useful in dynamic environments like cloud services.

Access Control Elements

  1. Subject: Entity (user or process) seeking access to objects.

  2. Object: Resource (file, database record) to which access is controlled.

  3. Access Right: Specific actions (read, write, execute) a subject can perform on an object.

Access Control Mechanisms

  • Access Matrix: Represents access rights in a matrix form, defining permissions for subjects on objects.

  • Access Control Lists (ACLs): Lists of subjects and their permissible access rights to specific objects.

  • Capability Tickets: Tokens that grant specific access rights to subjects.
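
The three mechanisms above are views of the same data: an ACL is one column of the access matrix and a capability list is one row. The following Python sketch is an added example, not code from the original post; the subjects, objects, rights and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample access matrix: (subject, object) -> set of access rights.
# Subjects, objects and rights are illustrative, not from the original post.
ACCESS_MATRIX = {
    ("alice", "payroll.db"): {"read", "write"},
    ("bob", "payroll.db"): {"read"},
    ("alice", "report.txt"): {"read"},
    ("backup_svc", "payroll.db"): {"read"},
    ("backup_svc", "report.txt"): {"read"},
}


def build_acls(matrix):
    """Column view: for each object, the subjects and their rights (ACL)."""
    acls = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        acls[obj][subject] = set(rights)
    return dict(acls)


def build_capabilities(matrix):
    """Row view: for each subject, the objects and rights it holds."""
    caps = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        caps[subject][obj] = set(rights)
    return dict(caps)


def acl_allows(acls, subject, obj, right):
    """ACL check, made at the object. A missing entry means deny."""
    return right in acls.get(obj, {}).get(subject, set())


def cap_allows(caps, subject, obj, right):
    """Capability check, made against what the subject holds. Default deny."""
    return right in caps.get(subject, {}).get(obj, set())


def revoke_object(matrix, obj):
    """Drop every entry for one object: one ACL, but many capability lists."""
    return {k: v for k, v in matrix.items() if k[1] != obj}


if __name__ == "__main__":
    acls = build_acls(ACCESS_MATRIX)
    print(acls["payroll.db"])
    print(build_capabilities(ACCESS_MATRIX)["backup_svc"])
```

Revoking access to one object clears a single ACL, while the capability view has to be searched subject by subject, which is the usual operational trade-off between the two.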

Security Principles

  • Least Privilege: Granting each user the minimum privileges necessary to perform their tasks.

  • Separation of Duty: Dividing responsibilities among different individuals to prevent abuse of privileges.

  • Audit: Monitoring and recording system activities to detect security breaches and ensure compliance with policies.
