Part 04 – Access Control Models

This section goes further in depth into the subject of access control models (ACMs). We begin by pointing out the inevitable tradeoff that seems to always exist when it comes to technology. Whether it be trading off speed for cost or ease of use for tighter security, there’s usually one lurking just below the surface. In the case of access control systems, the degree of security of the system is inversely proportional to its user-friendliness. We’ll see examples of this in action shortly.

The first ACM we examine is DAC, or discretionary access control. In a nutshell, the security of an object is based on the discretion of the object’s owner. This type of model promotes sharing and ease of use. A folder belongs to its owner, who in turn gives permission to others to access it at their discretion. Prime examples of such systems are the Windows operating systems along with Unix, Linux, and most other personal computer OSes. The heart and soul of the DAC model are access control lists (ACLs). Such systems are also referred to as identity-based systems, where resource access is bound to the user’s identity.

We then jump to the other end of the spectrum and examine the MAC (Mandatory Access Control) model. This is the most secure of the models. In this model, data owners are not permitted to grant access. Instead, a security label system is used, and labels are assigned by an ultimate authority such as a government security officer. In order to be granted access to an object, the subject’s label must dominate (be equal to or higher than) the object’s label. In other words, access to objects is at your level or below only. This model is most commonly used in government environments where classified data is in effect: top secret, secret, and classified.

Finally, we have a look at the RBAC (Role-based Access Control) model. This model addresses the issue of privilege creep via the revocation of credentials as user roles change. A user’s privileges are based on their function within the organization and these privileges and permissions can’t be changed. This model is sort of the best of both worlds in that a high level of security is enforced without the risk of authorization creep.
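
As an added illustration (not part of the course material), the Python sketch below contrasts the access decision each of the three models makes. The users, roles, permission strings and the ordering of the three labels (classified lowest, top secret highest) are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Constructed sample data; the label order (lowest to highest) is an assumption.
LEVELS = {"classified": 0, "secret": 1, "top secret": 2}

@dataclass
class Obj:
    owner: str
    label: str                              # MAC: assigned by the authority, not the owner
    acl: set = field(default_factory=set)   # DAC: users the owner has allowed

def dac_grant(obj, requester, user):
    """DAC: only the owner may add a user to the ACL, at their discretion."""
    if requester != obj.owner:
        raise PermissionError(f"{requester} is not the owner")
    obj.acl.add(user)

def dac_allows(obj, user):
    return user == obj.owner or user in obj.acl

def mac_allows(obj, clearance):
    """MAC: the subject's label must be equal to or higher than the object's."""
    return LEVELS[clearance] >= LEVELS[obj.label]

ROLE_PERMS = {"payroll_clerk": {"payroll:read", "payroll:write"},   # RBAC: permissions
              "auditor": {"payroll:read", "audit:write"}}           # belong to roles

def rbac_allows(user_roles, user, perm):
    return any(perm in ROLE_PERMS[r] for r in user_roles.get(user, ()))

def change_role(user_roles, user, new_role):
    user_roles[user] = {new_role}   # old role's permissions are revoked with it

def demo():
    report = Obj(owner="alice", label="secret")
    dac_grant(report, "alice", "bob")       # the owner shares at her discretion
    results = {
        "dac_bob": dac_allows(report, "bob"),
        "mac_classified": mac_allows(report, "classified"),
        "mac_top_secret": mac_allows(report, "top secret"),
    }
    roles = {"dave": {"payroll_clerk"}}
    results["rbac_before"] = rbac_allows(roles, "dave", "payroll:write")
    change_role(roles, "dave", "auditor")
    results["rbac_after"] = rbac_allows(roles, "dave", "payroll:write")
    return results

if __name__ == "__main__":
    print(demo())
```

Under DAC the ACL entry alone decides, so bob gets in because alice said so; under MAC the same ACL entry is irrelevant and only the label comparison counts.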


