Access Control

Chapter 4 - "Access Control"

"Access Control" is the defense against unauthorized access and misuse of resources. It is central to computer security.

Access control principles help determine who can access what, under what conditions.

DAC is based on identities and rules determining what the requester is allowed.

MAC is based on security labels and security clearances.

RBAC is based on user roles in the system.

Access Control Requirements involve obtaining reliable input, creating specific specifications, and using the principle of least privilege.

Consistent and reliable input is vital for maintaining secure access control.

These specifications ensure control over detailed or broader aspects of the system.

This principle restricts access rights for users to the bare minimum they need to complete their tasks.

Access control encompasses subjects, objects, and access rights.

Subjects are entities with access rights.

Subjects are typically classified into three categories: owner, group, and world.

Objects are resources being accessed.

Access rights are permissions such as read, write, and execute.

Access control function determines if a subject's requested action on an object is allowed.

RBAC systems assign rights to roles instead of individual users.

RBAC reference models include RBAC0 to RBAC3, each with different functionalities.

RBAC0 contains basic entities for an RBAC system.

RBAC1 allows for role hierarchies and inheritance of permissions.

RBAC2 includes constraints to regulate RBAC components configurations.

RBAC3 combines functionalities of RBAC0 to RBAC2.