Part 04 – Access Control Models

Description
This section goes further in-depth into the subject of access control models (ACMs). We begin by pointing out the inevitable tradeoff that seems to always exist when it comes to technology: whether it be trading off speed for cost or ease of use for tighter security, there's usually one lurking just below the surface. In the case of access control systems, the degree of security of the system is proportional to its user-friendliness. We'll see examples of this in action shortly.

The first ACM we examine is DAC, or discretionary access control. In a nutshell, the security of an object is based on the discretion of the object's owner. This type of model promotes sharing and ease of use. A folder belongs to its owner, who in turn gives permission to others to access it at their discretion. Prime examples of such systems are the Windows operating systems along with Unix, Linux, and most other personal computer OSes. The heart and soul of the DAC model are access control lists (ACLs). Such systems are also referred to as identity-based systems, where resource access is bound to the user's identity.

We then jump to the other end of the spectrum and examine the MAC (Mandatory Access Control) model. This is the most secure of the models. In this model, data owners are not permitted to grant access. Instead, a security label system is used, and labels are assigned by an ultimate authority such as a government security officer. In order to be granted access to an object, the subject's label must dominate (be equal to or higher than) the object's label. In other words, access to objects is at your level or below only. This model is most commonly used in government environments where classified data is in effect: top secret, secret, and classified.

Finally, we have a look at the RBAC (Role-based Access Control) model. This model addresses the issue of privilege creep via the revocation of credentials as user roles change. A user's privileges are based on their function within the organization, and these privileges and permissions can't be changed. This model is sort of the best of both worlds in that a high level of security is enforced without the risk of authorization creep.
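The three decisions described above, side by side, as an added example that is not part of the original lesson: an owner-managed ACL for DAC, a label dominance test for MAC, and role-derived permissions for RBAC. The users, roles, permission names and the ordering of the three labels are assumptions constructed for illustration.

```python
# Added illustration; all names and sample data are constructed.
from dataclasses import dataclass, field

# Label ordering assumed from the levels the description lists (lowest first).
LEVELS = {"classified": 1, "secret": 2, "top secret": 3}

@dataclass
class Resource:
    name: str
    owner: str
    label: str                               # MAC label, set by the authority
    acl: dict = field(default_factory=dict)  # DAC: user -> set of rights

def dac_grant(res, actor, user, right):
    """DAC: only the owner may extend the ACL, at their discretion."""
    if actor != res.owner:
        raise PermissionError(f"{actor} does not own {res.name}")
    res.acl.setdefault(user, set()).add(right)

def dac_check(res, user, right):
    """Identity-based: access is bound to the user's identity via the ACL."""
    return user == res.owner or right in res.acl.get(user, set())

def mac_check(subject_label, res):
    """MAC: the subject's label must dominate (equal or exceed) the object's."""
    return LEVELS[subject_label] >= LEVELS[res.label]

# RBAC: rights hang off the role, never directly off the user.
ROLE_PERMS = {"hr": {"read_payroll"}, "dev": {"read_source", "push_code"}}

def rbac_check(user_roles, user, perm):
    return perm in ROLE_PERMS.get(user_roles.get(user), set())

def demo():
    doc = Resource("plans", owner="alice", label="secret")
    dac_grant(doc, "alice", "bob", "read")       # owner shares at will
    user_roles = {"carol": "hr"}
    before = rbac_check(user_roles, "carol", "read_payroll")
    user_roles["carol"] = "dev"                  # role change drops old rights
    after = rbac_check(user_roles, "carol", "read_payroll")
    return {
        "dac_bob_read": dac_check(doc, "bob", "read"),
        "dac_bob_write": dac_check(doc, "bob", "write"),
        "mac_classified": mac_check("classified", doc),
        "mac_top_secret": mac_check("top secret", doc),
        "rbac_before": before,
        "rbac_after": after,
    }

if __name__ == "__main__":
    print(demo())
```

Because the role is replaced rather than added to, the old role's permissions disappear with it, which is how this sketch avoids the privilege creep the description mentions.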