Access Control Models 4.3 Flashcards
Access Control
Access first starts with authorization. Before you are given rights, you must first be authorized to use them.
Users receive rights based on the Access Control Model. Each entity will need to determine its policies for how to give access, who to give it to, and what to give.
Mandatory Access Control (MAC)
This means the operating system determines the limits of how much access a person has to a particular object. Every object needs to be assigned a label to determine the level of secrecy. Labeling the object determines the level of rights/access users have to that object based on predefined rules. The administrator decides who gets access to what security level. Users cannot change these.
Discretionary Access Control (DAC)
Used in most operating systems. If you created a spreadsheet, you as the owner get to determine who has access to it. You can modify it at any time. This is very flexible access control but very weak security.
Role Based Access Control (RBAC)
Access based on your role within an organization. The administrator provides access based on the role of the user. Rights are gained implicitly instead of explicitly. If the admin provides access to the managers, and directors are put into the manager group, then the directors all have the same rights. You see this in Windows “Groups”.
Attribute-Based Access Control (ABAC)
Users have complex relationships to apps and data. Access may be based on many different criteria. ABAC can determine your access based on things like IP address, time of day, desired action, relationship to data, etc.
Rule-Based Access Control
A set of rules determines access. Rules are determined by the admin. Rules are associated with objects; the system checks an ACL for the object. Commonly used in firewalls.
File System Security
Most OSes provide a level of security at the file system. The OS can assign a level of security to each file. Most OSes will keep an ACL that associates groups/users with rights and permissions. Can also be administered by the file owner. Encryption can be built in.
Database Security
Databases have their own access control. Data integrity is usually an option in databases. The best security for a database is a well-written app.