















This document is an introduction to access control in information security. It discusses the concept of access control, protected resources, subjects, access modes, and access control requirements. It also covers different access control models, including discretionary access control (DAC), mandatory access control (MAC), and role-based access control (RBAC), and gives examples of access control policies and their implementation, as well as the advantages and disadvantages of each model.
Typology: Slides
















Access Control policy
Problem! Unauthorized access
Access Control Example
Access Control Policy for son Edward
Access Control
Access control components:
Separation of components allows to:
Closed vs. Open Systems
Closed system (minimum privilege): rules specify the allowed accesses.
Access request -> Exists rule? yes: access permitted; no: access denied
Open system (maximum privilege): rules specify the disallowed accesses.
Access request -> Exists rule? yes: access denied; no: access permitted
Discretionary Access Control
Access Matrix Model
[Figure: access matrix with subjects Joe and Sam and objects File 1 and File 2; the cell entries shown are "Read Write Own", "Read" and "Read Write Own".]
DAC and Trojan Horse
[Figure: file Employee (ACL: Brown: read, write) and file Black’s Employee (ACL: Black, Brown: read, write), with a shared Word Processor program containing a Trojan horse (TH). Steps shown: inserts Trojan horse into shared program; uses shared program; reads Employee; copies Employee to Black’s Employee.]
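The Trojan horse scenario from this slide, as an added Python sketch (not part of the original slides): every access the DAC monitor sees is individually authorized by the ACLs, yet the contents of Employee end up readable by Black. The ACL entries come from the slide; the class and function names, the file contents, and the reading that Brown is the user who runs the shared program are assumptions made for illustration.

```python
# Added illustration (not from the slides): a toy DAC reference monitor.
# ACL entries follow the slide; file contents and all names are constructed.

class DACStore:
    """In-memory files guarded by per-object ACLs (discretionary access control)."""

    def __init__(self):
        self.acl = {}    # object -> {subject: set of access modes}
        self.data = {}   # object -> contents
        self.log = []    # (subject, mode, object, decision)

    def create(self, obj, acl, contents=""):
        self.acl[obj] = {s: set(m) for s, m in acl.items()}
        self.data[obj] = contents

    def _check(self, subject, mode, obj):
        # Closed policy: permit only if an explicit authorization exists.
        ok = mode in self.acl.get(obj, {}).get(subject, set())
        self.log.append((subject, mode, obj, "permit" if ok else "deny"))
        if not ok:
            raise PermissionError(f"{subject} may not {mode} {obj}")

    def read(self, subject, obj):
        self._check(subject, "read", obj)
        return self.data[obj]

    def write(self, subject, obj, contents):
        self._check(subject, "write", obj)
        self.data[obj] = contents


def word_processor(store, user, doc):
    """Shared program; it runs with the identity and rights of whoever invokes it."""
    text = store.read(user, doc)
    # Hidden Trojan-horse step from the slide: copy the document elsewhere.
    store.write(user, "Black's Employee", text)
    return text


def run_scenario():
    store = DACStore()
    store.create("Employee", {"Brown": ["read", "write"]}, "salary records")  # constructed contents
    store.create("Black's Employee", {"Black": ["read", "write"], "Brown": ["read", "write"]})
    try:
        store.read("Black", "Employee")          # direct access is refused
    except PermissionError:
        pass
    word_processor(store, "Brown", "Employee")   # Brown runs the shared program
    leaked = store.read("Black", "Black's Employee")
    return leaked, store.log
```

The log holds one deny followed by three permits: the monitor checks the invoking subject's rights on each object, not where the information flows afterwards, so DAC alone does not prevent the copy.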
DAC Overview
CSCE 201 - Farkas
Motivation
Express organizational policies
Flexible: easy to modify to meet new security requirements
Supports
Roles
User group: a collection of users with possibly different permissions
Role: a mediator between a collection of users and a collection of permissions
RBAC is independent of DAC and MAC (they may coexist)
RBAC is policy neutral: the configuration of RBAC determines the policy to be enforced