Types and Application of Access Control Methods

Role-based access control

Role-Based Access Control (RBAC) is a method used to restrict system access to authorized users. Permissions are assigned to roles rather than individual users. Users are then assigned to roles based on their responsibilities within an organization.

RBAC typically involves three entities:

  • User - Individuals who interact with the system and require certain levels of access.
  • Role - A defined set of permissions that correlate with the responsibilities of a particular position or function within an organization.
  • Permission - Access rights or privileges that determine what actions users assigned to a role can perform within the system.

The key concept is that permissions are linked to roles, and users get their permissions by being assigned to the appropriate role. This simplifies access management, making it more scalable and manageable in larger organizations. When a user's role changes, their access privileges change accordingly, which streamlines administration and therefore reduces the risk of unauthorized access.

RBAC helps enhance security by ensuring that users have the necessary permissions to perform their jobs without being granted unnecessary access. It's widely used in various systems, including databases, network systems, and applications, to control access and manage authorization effectively.
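The following Python snippet is an added example (not code from the original post) of the three RBAC entities above. Permissions hang off roles, users hang off roles, and the effective permission set is computed from role membership, so moving a user from one role to another both grants the new role's rights and removes the old ones. The role and permission names are constructed for the illustration.

```python
# Constructed example: a minimal RBAC model with users, roles and permissions.
# Role names and permission strings are assumptions for this illustration.

class RBAC:
    def __init__(self):
        self.role_permissions: dict[str, set[str]] = {}   # role -> permissions
        self.user_roles: dict[str, set[str]] = {}         # user -> roles

    def define_role(self, role: str, permissions) -> None:
        self.role_permissions[role] = set(permissions)

    def assign_role(self, user: str, role: str) -> None:
        # Refuse to bind a user to a role that was never defined.
        if role not in self.role_permissions:
            raise KeyError(f"unknown role: {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def revoke_role(self, user: str, role: str) -> None:
        self.user_roles.get(user, set()).discard(role)

    def permissions_of(self, user: str) -> set[str]:
        """Effective permissions: the union over every role the user holds."""
        perms: set[str] = set()
        for role in self.user_roles.get(user, ()):
            perms |= self.role_permissions[role]
        return perms

    def is_allowed(self, user: str, permission: str) -> bool:
        return permission in self.permissions_of(user)


def demo():
    """Show that changing a user's role changes their access automatically."""
    rbac = RBAC()
    rbac.define_role("analyst", {"ticket:read", "ticket:comment"})
    rbac.define_role("manager", {"ticket:read", "ticket:assign", "ticket:close"})
    rbac.assign_role("alice", "analyst")

    before = rbac.is_allowed("alice", "ticket:close")        # False: analysts cannot close

    # Alice is promoted: swap the role, and her permissions follow.
    rbac.assign_role("alice", "manager")
    rbac.revoke_role("alice", "analyst")
    after_close = rbac.is_allowed("alice", "ticket:close")   # True
    after_comment = rbac.is_allowed("alice", "ticket:comment")  # False: no longer an analyst
    return before, after_close, after_comment


if __name__ == "__main__":
    print(demo())
```

Because no permission is ever attached to a user directly, an audit of "who can close tickets" is a question about role membership, not about scattered per-user grants.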


Attribute-based access control

Attribute-based access control (ABAC) is a security model that regulates access to resources based on attributes. These attributes could include things like user roles, environment conditions, time of access, or any other relevant information that describes the user, the resource, or the context in which access is requested.

Unlike traditional access control models that rely heavily on user roles and permissions, ABAC considers a broader range of attributes and conditions. It evaluates these attributes against a set of policies to determine whether access should be granted or denied.

ABAC offers more flexibility in controlling access compared to role-based or discretionary access control systems. It allows organizations to define complex access policies that adapt to dynamic environments and specific scenarios, enhancing security by providing fine-grained control over access to resources.
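To make the "attributes evaluated against policies" idea concrete, here is an added Python example (not from the original post) of a small ABAC decision function. Each rule is a predicate over the subject, the resource, the requested action and the environment; a matching deny rule always wins, otherwise the first matching permit rule wins, and with no match the request is denied. The attribute names (department, classification, network, hour) and the policy itself are assumptions for the illustration.

```python
from dataclasses import dataclass
from typing import Callable

# Constructed example: a tiny ABAC policy engine with deny-overrides combining.
# Attribute names and rules below are assumptions for this illustration.

Condition = Callable[[dict, dict, str, dict], bool]


@dataclass(frozen=True)
class Rule:
    name: str
    effect: str            # "permit" or "deny"
    condition: Condition   # (subject, resource, action, environment) -> bool


RULES = [
    # Sensitive resources (classification >= 2) may not be touched off the corporate network.
    Rule("deny-sensitive-offsite", "deny",
         lambda s, r, a, e: r["classification"] >= 2 and e["network"] != "corp"),
    # Anyone in the resource's own department may read it.
    Rule("permit-same-department-read", "permit",
         lambda s, r, a, e: a == "read" and s["department"] == r["department"]),
    # The owner may write, but only during business hours (09:00-17:59).
    Rule("permit-owner-write-business-hours", "permit",
         lambda s, r, a, e: a == "write" and s["id"] == r["owner"] and 9 <= e["hour"] < 18),
]


def evaluate(rules, subject, resource, action, env):
    """Return (decision, reason). Deny overrides permit; no match means deny."""
    permit_by = None
    for rule in rules:
        if rule.condition(subject, resource, action, env):
            if rule.effect == "deny":
                return False, rule.name
            if permit_by is None:
                permit_by = rule.name
    return (True, permit_by) if permit_by else (False, "default-deny")


# Constructed subjects and resource for the demonstration.
ALICE = {"id": "alice", "department": "finance"}
BOB = {"id": "bob", "department": "sales"}
REPORT = {"id": "q3-report", "department": "finance", "owner": "alice", "classification": 2}


def demo():
    office = {"network": "corp", "hour": 10}
    home = {"network": "home", "hour": 10}
    evening = {"network": "corp", "hour": 20}
    return {
        "alice_read_office": evaluate(RULES, ALICE, REPORT, "read", office),
        "alice_read_home": evaluate(RULES, ALICE, REPORT, "read", home),
        "alice_write_office": evaluate(RULES, ALICE, REPORT, "write", office),
        "alice_write_evening": evaluate(RULES, ALICE, REPORT, "write", evening),
        "bob_read_office": evaluate(RULES, BOB, REPORT, "read", office),
    }


if __name__ == "__main__":
    for case, (allowed, reason) in demo().items():
        print(f"{case:22} {'PERMIT' if allowed else 'DENY':6} ({reason})")
```

Returning the name of the deciding rule alongside the decision is worth keeping in a real engine: it is what makes a denied request explainable in logs and makes policy changes testable.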


Mandatory access control

Mandatory Access Control (MAC) is a security model used to restrict access to resources based on security labels and clearances. In MAC, access control decisions are primarily based on security policies that are defined by a system's security administrator or a central authority.

Unlike discretionary access control (DAC), where owners of resources have control over who can access them, MAC enforces access control based on predefined rules that cannot be altered by users. It uses labels and classifications to determine access rights, assigning labels to both subjects (users, processes) and objects (files, resources).

MAC operates on the principle of need-to-know and least privilege, ensuring that only authorized users or processes with the necessary clearance and matching security labels can access specific resources. It's commonly found in high-security environments such as government systems or military networks where strict control over data access is crucial for confidentiality and integrity.
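The label-and-clearance comparison can be shown in a few lines. The Python below is an added example (not from the original post) that implements the classic Bell-LaPadula confidentiality rules, which the post does not name: a subject may read an object only if the subject's label dominates the object's ("no read up"), and may write to it only if the object's label dominates the subject's ("no write down"). A label dominates another when its level is at least as high and it holds every compartment of the other. Labels are immutable here, reflecting that subjects cannot change the policy. The level names and compartments are constructed for the illustration.

```python
from dataclasses import dataclass

# Constructed example: Bell-LaPadula style labels for mandatory access control.
# Level names and compartment names are assumptions for this illustration.

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass(frozen=True)   # frozen: neither users nor processes can edit a label
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Higher-or-equal level AND a superset of the other's compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)


def can_read(subject: Label, obj: Label) -> bool:
    # "No read up": the reader must dominate what is being read.
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    # "No write down": the destination must dominate the writer, so a
    # secret-cleared process cannot leak data into a confidential file.
    return obj.dominates(subject)


def demo():
    analyst = Label("secret", frozenset({"crypto"}))
    secret_crypto = Label("secret", frozenset({"crypto"}))
    secret_nuclear = Label("secret", frozenset({"nuclear"}))
    top_secret_crypto = Label("top_secret", frozenset({"crypto"}))
    confidential = Label("confidential")
    return {
        "read_same_label": can_read(analyst, secret_crypto),            # True
        "read_up": can_read(analyst, top_secret_crypto),                # False
        "read_other_compartment": can_read(analyst, secret_nuclear),    # False: need-to-know
        "write_down": can_write(analyst, confidential),                 # False
        "write_up": can_write(analyst, top_secret_crypto),              # True
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:24} {'ALLOW' if allowed else 'DENY'}")
```

The compartment check is what implements need-to-know: two labels at the same level are still incomparable if their compartments differ, so clearance alone is never sufficient.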


Discretionary access control

Discretionary Access Control (DAC) is a security model used in computer systems and networks to restrict access to information based on the discretion of the object's owner. In DAC, the owner of the object (such as a file, folder, or resource) has the discretion or control over who can access that object and what level of access they have.

Here's how DAC typically works:

  • Owner-Based Control: Each object (like files or folders) has an owner who has control over it. The owner determines who can access the object and what level of access they have.
  • Access Control Lists (ACLs): DAC often uses Access Control Lists, which are lists of permissions associated with an object. These permissions specify which users or groups are allowed to access the object and the type of access they're permitted (read, write, execute, etc.).
  • Security Risks: One of the challenges with DAC is that it heavily relies on the discretion of the object's owner. If the owner grants inappropriate access permissions or becomes compromised, it could lead to security risks or unauthorized access.
  • Flexibility and Customization: DAC provides flexibility as it allows individual users or groups to set permissions based on their needs. However, this flexibility can also lead to complexity in managing access control.

By contrast, Mandatory Access Control (MAC) and Role-Based Access Control (RBAC) are other access control models that offer different approaches to regulating access. MAC focuses on system-enforced access controls based on security labels, while RBAC assigns permissions based on predefined roles or functions within an organization.

In summary, Discretionary Access Control empowers object owners to control access to their resources, but it requires careful management and oversight to ensure appropriate access rights and prevent potential security vulnerabilities.
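The following Python is an added example (not from the original post) of the owner-based control and ACL mechanics described above, together with the oversight the summary calls for. Each object carries an owner and an ACL mapping principals (users, groups, or the pseudo-principal "everyone") to rights; only the owner may change the ACL, which is the discretionary part. The demo also shows the risk the list names: an owner who grants "everyone" read access exposes the object to any user, and a small audit helper lists such objects. Names and the "everyone" convention are assumptions for the illustration.

```python
from dataclasses import dataclass, field

# Constructed example: discretionary access control with owner-managed ACLs.
# Object names, principals and the "everyone" pseudo-group are assumptions.


class AccessDenied(Exception):
    pass


@dataclass
class Resource:
    name: str
    owner: str
    acl: dict = field(default_factory=dict)   # principal -> set of rights

    def __post_init__(self):
        # The owner always holds full rights over their own object.
        self.acl.setdefault(self.owner, {"read", "write", "execute"})


def grant(resource: Resource, actor: str, principal: str, rights) -> None:
    """Only the owner may extend the ACL: access is at the owner's discretion."""
    if actor != resource.owner:
        raise AccessDenied(f"{actor} does not own {resource.name}")
    resource.acl.setdefault(principal, set()).update(rights)


def revoke(resource: Resource, actor: str, principal: str, rights) -> None:
    if actor != resource.owner:
        raise AccessDenied(f"{actor} does not own {resource.name}")
    if principal in resource.acl:
        resource.acl[principal] -= set(rights)


def is_allowed(resource: Resource, user: str, right: str, groups=()) -> bool:
    """A request passes if any principal the user belongs to holds the right."""
    principals = {user, "everyone", *groups}
    return any(right in resource.acl.get(p, ()) for p in principals)


def overly_broad(resources) -> list:
    """Oversight helper: names of objects where 'everyone' holds any right."""
    return [r.name for r in resources if r.acl.get("everyone")]


def demo():
    budget = Resource("budget.xlsx", owner="alice")
    notes = Resource("notes.txt", owner="bob")
    result = {}
    result["owner_write"] = is_allowed(budget, "alice", "write")          # True
    result["bob_read_before"] = is_allowed(budget, "bob", "read")         # False

    grant(budget, "alice", "finance", {"read"})                           # group grant by owner
    result["bob_read_via_group"] = is_allowed(budget, "bob", "read", groups={"finance"})  # True

    try:                                                                  # non-owner cannot grant
        grant(budget, "bob", "dave", {"read"})
        result["non_owner_grant"] = True
    except AccessDenied:
        result["non_owner_grant"] = False                                 # False

    # The owner makes a careless decision: the budget becomes world-readable.
    grant(budget, "alice", "everyone", {"read"})
    result["stranger_read"] = is_allowed(budget, "carol", "read")         # True
    result["audit"] = overly_broad([budget, notes])                       # ["budget.xlsx"]
    return result


if __name__ == "__main__":
    print(demo())
```

Nothing in the model stops the last grant, which is exactly the point of the "Security Risks" bullet: under DAC the safeguard has to come from reviewing ACLs, as `overly_broad` does, rather than from the model itself.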
