Information Security, Lecture notes of Information Security and Markup Languages

Master the fundamentals of **Information Security** with these comprehensive study notes covering the **first five lectures** of the course. These are the same notes that helped me excel in my Information Security exams. They are organized in a clear, easy-to-understand format, making complex cybersecurity concepts much easier to learn and revise. Whether you're a **Cybersecurity**, **Computer Science**, or **IT** student, these notes are designed to help you:

  • Understand key Information Security concepts quickly.
  • Save hours of note-taking and revision.
  • Prepare effectively for quizzes, assignments, midterms, and finals.
  • Build a strong foundation for advanced cybersecurity topics.

If you're looking for concise, exam-focused, and student-friendly notes, this bundle is an excellent resource to boost your understanding and confidence.

**Includes:** Study notes for Information Security – Lectures 1–5 (PDF)

Perfect for students who want to study smarter, not harder.

Typology: Lecture notes

2025/2026

Available from 06/30/2026

sanwal-fareed

RBAC, TBAC

Introduction

  • Access control is the means by which the ability to use a resource is explicitly enabled or restricted in some way (usually through physical and system-based controls).
  • Computer-based access controls can prescribe not only who or what process may have access to a specific system resource, but also the type of access that is permitted.
  • With Role-Based Access Control (RBAC), access decisions are based on the roles that individual users have as part of an organization.
  • Roles are closely related to the concept of user groups in access control.
  • A role brings together a set of users on one side and a set of permissions on the other, whereas a user group is typically defined as a set of users.

Role-Based Access Control

  • RBAC is an access control mechanism which:
    • Describes complex access control policies.
    • Reduces errors in administration.
    • Reduces cost of administration.

Role-Based Access Control

  • The complexity of administration is reduced through:
    • Assigning users to roles
    • Assigning permissions to roles
    • Organising roles into a hierarchy

[Figure: RBAC diagram; labels: Users, Objects, Roles, Procedures, Types, Permissions]

Role-Based Access Control

  • RBAC supports three well-known security principles:
    • Least Privilege
    • Separation of duties
    • Data Abstraction
  • Least privilege is supported because RBAC can be configured so that only those permissions required for the tasks conducted by members of a role are assigned to that role.
  • Separation of duties is achieved by ensuring that mutually exclusive roles must be invoked to complete a sensitive task.
  • Data abstraction is supported by means of abstract permissions such as credit and debit for an account.
  • The degree to which data abstraction is supported will be determined by the implementation details.
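
The three principles above can be seen together in a small model. The following is an added example, not part of the lecture notes: a minimal RBAC policy with a role hierarchy, a separation-of-duties constraint enforced at assignment time, and abstract permissions such as credit and debit. The class, role and user names are hypothetical.

```python
# Added example: minimal RBAC model (all names are hypothetical).
class RBAC:
    def __init__(self):
        self.role_perms = {}    # role -> set of (operation, object) permissions
        self.juniors = {}       # role -> set of roles it inherits from
        self.user_roles = {}    # user -> set of directly assigned roles
        self.exclusive = set()  # frozenset({a, b}): mutually exclusive roles

    def add_role(self, role, perms=(), inherits=()):
        self.role_perms[role] = set(perms)
        self.juniors[role] = set(inherits)

    def make_exclusive(self, a, b):
        self.exclusive.add(frozenset((a, b)))

    def effective_roles(self, roles):
        """Expand roles through the hierarchy (senior roles inherit juniors)."""
        seen, stack = set(), list(roles)
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.juniors[r])
        return seen

    def assign(self, user, role):
        """Assign a role unless it breaks separation of duties."""
        if role not in self.role_perms:
            raise KeyError(role)
        held = self.effective_roles(self.user_roles.get(user, set()) | {role})
        for pair in self.exclusive:
            if pair <= held:
                raise PermissionError(f"{user}: roles {sorted(pair)} are mutually exclusive")
        self.user_roles.setdefault(user, set()).add(role)

    def check(self, user, operation, obj):
        """Default deny: allow only if some effective role holds the permission."""
        roles = self.effective_roles(self.user_roles.get(user, set()))
        return any((operation, obj) in self.role_perms[r] for r in roles)

def build_bank_policy():
    """Constructed sample policy using the credit/debit abstract permissions."""
    p = RBAC()
    p.add_role("clerk", perms={("view", "account")})
    p.add_role("teller", perms={("credit", "account"), ("debit", "account")}, inherits={"clerk"})
    p.add_role("auditor", perms={("approve", "transfer")}, inherits={"clerk"})
    p.make_exclusive("teller", "auditor")
    p.assign("alice", "teller")
    p.assign("bob", "auditor")
    return p
```

Because no user can hold both `teller` and `auditor`, a transfer that needs both a debit and an approval requires two different people.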

Introduction

  • TBAC models access controls from a task-oriented perspective rather than the traditional subject-object one.
  • Access mediation now involves authorizations at various points during the completion of tasks in accordance with some application logic.
  • By taking a task-oriented view of access control and authorizations, TBAC lays the foundation for research into a new breed of "active" security models that are required for agent-based distributed computing and workflow management.

Contd…

  • TBAC is well suited for distributed computing and information processing activities with multiple points of access, control, and decision making, such as those found in workflow and distributed process and transaction management systems.

Contd…

  • Use a model of the human notion of trust and community as the basis of assigning privileges.
  • Rights/privileges are dynamically assigned based on the risk of an action (context) for peers/resources in a network.

TBAC in General

  • No widely applied TBAC Standards yet: SECURE Project
  • 2 approaches for implementing TBAC currently:
    • Trust through a certificate-based system
    • Trust computation based on transaction ratings
  • Most of the current approaches extend Role-Based Access Control (RBAC) with the notion of trust.