Scribd
Upload
5 views

CH 04

Uploaded by

Mohammed Albohiry
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
5 views

CH 04

Uploaded by

Mohammed Albohiry
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 13

Computer Security:

Principles and Practice


Chapter 4 – Access Control

First Edition
by William Stallings and Lawrie Brown

Lecture slides by Lawrie Brown


Access Control
 “The prevention of unauthorized use of a
resource, including the prevention of use
of a resource in an unauthorized manner“
 central element of computer security
 assume have users and groups
 authenticate to system
 assigned access rights to certain resources
on system
Access Control Principles
Access Control Policies
Access Control Requirements
 reliable input
 fine and coarse specifications
 least privilege
 separation of duty
 open and closed policies
 policy combinations, conflict resolution
 administrative policies
Access Control Elements
 subject - entity that can access objects
 a process representing user/application
 often have 3 classes: owner, group, world
 object - access controlled resource
 e.g. files, directories, records, programs etc
 number/type depend on environment
 access
right - way in which subject
accesses an object
 e.g. read, write, execute, delete, create, search
Discretionary Access Control
 often provided using an access matrix
 lists subjects in one dimension (rows)
 lists objects in the other dimension (columns)
 each entry specifies access rights of the
specified subject to that object
 access matrix is often sparse
 can decompose by either row or column
Access Control Model
Protection Domains
 set of objects with associated access rights
 in access matrix view, each row defines a
protection domain
 but not necessarily just a user
 may be a limited subset of user’s rights
 applied to a more restricted process
 may be static or dynamic
Role-
Based
Access
Control
Role-
Based
Access
Control
NIST RBAC Model
Summary
 introduced access control principles
 subjects, objects, access rights
 discretionary access controls
 access matrix, access control lists (ACLs),
capability tickets
 UNIX traditional and ACL mechanisms
 role-based access control

You might also like