Part 04 – Access Control Models


This section goes further in depth into the subject of access control models (ACMs). We begin by pointing out the tradeoff that seems to always exist in technology: whether it is speed against cost or ease of use against tighter security, there is usually one lurking just below the surface. In the case of access control systems, the degree of security of the system is inversely proportional to its user-friendliness. We'll see examples of this in action shortly.

The first ACM we examine is DAC, or discretionary access control. In a nutshell, the security of an object is based on the discretion of the object's owner. This type of model promotes sharing and ease of use. A folder belongs to its owner, who in turn gives permission to others to access it at their own discretion. Prime examples of such systems are the Windows operating systems along with Unix, Linux, and most other personal computer OSes. The heart and soul of the DAC model is the access control list (ACL). Such systems are also referred to as identity-based systems, because resource access is bound to the user's identity.

We then jump to the other end of the spectrum and examine the MAC (Mandatory Access Control) model. This is the most secure of the models. In this model data owners are not permitted to grant access. Instead, a security label system is used, and labels are assigned by an ultimate authority such as a government security officer. In order to be granted access to an object, the subject's label must dominate (be equal to or higher than) the object's label. In other words, you may access only objects at your level or below. This model is most commonly used in government environments where classified data is handled: top secret, secret, and classified.

Finally, we have a look at the RBAC (Role-Based Access Control) model. This model addresses the issue of privilege creep by revoking credentials as user roles change. A user's privileges are based on their function within the organization, and these privileges and permissions cannot be changed. This model offers something of the best of both worlds: a high level of security is enforced without the risk of authorization creep.
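The three decision rules described above (owner-controlled ACLs for DAC, label dominance for MAC, and role-attached permissions for RBAC), written out as small reference monitors. This is an added example, not material from the Cybrary course; every user, object, clearance and role in it is constructed sample data, and the label ordering simply follows the levels the text names.

```python
"""
Added example (not part of the course page): minimal reference monitors
for DAC, MAC and RBAC. All subjects, objects, labels and roles are
constructed sample data chosen to illustrate each model's decision rule.
"""
from dataclasses import dataclass, field


# ---- DAC: access is at the owner's discretion, recorded in an ACL ----
@dataclass
class DacObject:
    owner: str
    acl: dict = field(default_factory=dict)  # user -> set of permissions


def dac_grant(obj, actor, user, perm):
    """Only the owner may edit the ACL; that is what 'discretionary' means."""
    if actor != obj.owner:
        return False
    obj.acl.setdefault(user, set()).add(perm)
    return True


def dac_check(obj, user, perm):
    """The owner always has access; anyone else needs a matching ACL entry."""
    return user == obj.owner or perm in obj.acl.get(user, set())


# ---- MAC: labels come from a central authority; subject must dominate object ----
# Ordering of the levels the text lists (unclassified added as the floor).
LEVELS = {"unclassified": 0, "classified": 1, "secret": 2, "top secret": 3}


def dominates(subject_label, object_label):
    """A subject dominates an object when its level is equal to or higher."""
    return LEVELS[subject_label] >= LEVELS[object_label]


def mac_check(clearances, labels, subject, obj):
    """Access is permitted only to objects at the subject's level or below."""
    return dominates(clearances[subject], labels[obj])


# ---- RBAC: permissions attach to roles; users hold roles, never permissions ----
class Rbac:
    def __init__(self):
        self.role_perms = {}  # role -> set of (object, permission)
        self.user_roles = {}  # user -> set of roles

    def add_role(self, role, perms):
        self.role_perms[role] = set(perms)

    def assign(self, user, role):
        self.user_roles.setdefault(user, set()).add(role)

    def change_role(self, user, new_role):
        """Moving a user to a new role drops the old role's permissions
        automatically; this is how RBAC counters privilege creep."""
        self.user_roles[user] = {new_role}

    def check(self, user, obj, perm):
        return any((obj, perm) in self.role_perms.get(r, set())
                   for r in self.user_roles.get(user, set()))


def demo():
    """Run one access decision per model and return the outcomes as a tuple."""
    # DAC: a non-owner cannot grant, the owner can, and grants are per-permission.
    report = DacObject(owner="alice")
    assert dac_grant(report, "bob", "carol", "read") is False
    dac_grant(report, "alice", "bob", "read")
    dac_ok = dac_check(report, "bob", "read") and not dac_check(report, "bob", "write")

    # MAC: a 'secret' analyst may read 'classified' but not 'top secret'.
    clearances = {"analyst": "secret"}
    labels = {"memo": "classified", "plan": "top secret"}
    mac_ok = (mac_check(clearances, labels, "analyst", "memo")
              and not mac_check(clearances, labels, "analyst", "plan"))

    # RBAC: a role change revokes the old role's write access to payroll.
    r = Rbac()
    r.add_role("payroll_clerk", [("payroll_db", "write")])
    r.add_role("helpdesk", [("ticket_queue", "read")])
    r.assign("dave", "payroll_clerk")
    before = r.check("dave", "payroll_db", "write")
    r.change_role("dave", "helpdesk")
    after = r.check("dave", "payroll_db", "write")
    return dac_ok, mac_ok, before, after


if __name__ == "__main__":
    print(demo())  # (True, True, True, False)
```

The RBAC section is the one to study for the privilege-creep point: because `check` consults the user's current roles rather than any stored per-user permission, the payroll write access disappears the moment Dave moves to the helpdesk role, with no separate revocation step to forget.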
