Scribd
Upload
30 views

Different Access Control Models b190001-5

The document discusses four main access control models: discretionary access control, mandatory access control, role-based access control, and rule-based access control. It explains the key aspects of each model and concludes that rule-based access control is often considered the best model due to its flexibility in granting access permissions.

Uploaded by

Deepraj Majumdar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
30 views

Different Access Control Models b190001-5

The document discusses four main access control models: discretionary access control, mandatory access control, role-based access control, and rule-based access control. It explains the key aspects of each model and concludes that rule-based access control is often considered the best model due to its flexibility in granting access permissions.

Uploaded by

Deepraj Majumdar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 17

Different Access Control Models

ABHISHEK THAKUR (B190001) Submitted To:


Dr. Pankaj Kumar Keserwani
ARUNIL JAISWAL (B190005)
● What is Access Control
● Four main access control model
● Discretionary access control (DAC)
● Mandatory access control (MAC)

Contents
● Role-based access control (RBAC)
● Rule-based access control (RuBAC)
● Best Access Control Model
● Summary
What is access control?

Access control is the act of maintaining security by strategically controlling who can access your
property and when. Access control is the process of:

● identifying a person doing a specific job


● authenticating them by looking at their identification
● granting a person only the key to the door or computer that they need access to and nothing more

.
In information security, one would look at this as:

● Granting an individual permission to get onto a network via a username and password.
● Allowing them access to files, computers, or other hardware or software they need.
● Ensuring they have the right level of permission to do their job.
The 4 main access control models are:

1. Discretionary access control (DAC)

2. Mandatory access control (MAC)

3. Role-based access control (RBAC)

4. Rule-based access control (RuBAC)


1. Discretionary access control (DAC)

● The discretionary access control model is one of least restrictive access control
models. It allows for multiple administrators to control access to a property.
● While this limits the number of people who can edit user permissions, this model can
also put an organization at risk because the decision maker may not be aware of the
security implications of their decisions
● The decisions on user permissions are taken at the discretion of one person, who may
or may not have security expertise.
● This model is straightforward to use and makes it easy to assign access to users.
2. Mandatory access control (MAC)

● Mandatory access control stands as a complete alternative to discretionary access


control.
● This access control design is best used for businesses that emphasize security and
confidentiality.
● The system administrator cannot be overridden or bypassed, and they determine who
is granted access to a property.
● One system administrator in charge can lead to a more organized database of users
with access to the property.
3. Role-based access control (RBAC)

● The role-based model is also known as non-discretionary access control. This model
assigns every user a specific role that has unique access permissions.
● System administrators have the ability to assign user roles and manage access for
each role.
● Role-based access control builds security around an employee’s role and this can help
develop strong policies in businesses with large numbers of employees.
● instead of assigning Alice permissions as a security manager, the position of security
manager already has permissions assigned to it.
4. Rule-based access control (RuBAC)

● Rule-based access control features an algorithm that changes a user’s access


permissions based on a number of qualifying factors such as the time of day.
● With the rule-based model, a security professional or system administrator sets access
management rules that can allow or deny user access to specific areas, regardless of
an employee’s other permissions.
● When an employee attempts to gain access, the access control system checks the list
of requirements and grants or denies access.
● Rule-based models can work in conjunction with other access control models to
provide higher levels of security.
Best access control model ?

● Rule- and role-based access control are two of the most important models for
determining who has access to specific areas or resources within a business.
● By implementing the most appropriate model, a security administrator can manage
access at a high level or apply granular rules to provide specific protection for
high-security areas.
● While both models provide effective security and strong benefits, they require
different levels of effort to develop, implement, and manage access security policies.
● rule-based and role-based models complement each other and can be deployed as a
hybrid model for even stronger access control security.
Summary

● Access control systems allow verified users to access a property while preventing
unauthorized people from entering.
● Access control models differ based on the user permissions they grant.
● RuBAC models are considered the best access control model because of their high
flexibility for most types of properties.
References

https://delinea.com/blog/access-control-models-methods

https://www.openpath.com/blog-post/access-control-models

https://butterflymx.com/blog/access-control-models/
Thank You !!!

You might also like