Authorization and Access Control

The document discusses authorization and access control. It defines authorization as specifying who can access what and the principle of least privilege as only granting necessary access. It describes access control as allowing, denying, limiting, or revoking access and different access control methods for file systems and networks. The main access control models are discretionary, mandatory, role-based, and attribute-based access controls.


AUTHORIZATION AND ACCESS CONTROL

Prof. Joseph Wilfred Dela Cruz
Professor

Corpus, Kathlene M.
Student

AUTHORIZATION AND ACCESS CONTROL

Authorization: allows us to specify whether a party should be allowed or denied access.

Principle of Least Privilege: we should only allow a party the bare minimum of access needed to perform the functionality required of it.

Access Control

• Allowing access
• Denying access
• Limiting access
• Revoking access

Methods to implement access control: Access Control Lists (ACLs)

• Referred to as “ackles”
• Used to control access in file systems and to control the flow of traffic in networks.

File System ACLs

• Read, write, and execute
• rwxrwxrwx
• User, group, and other ACLs
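The rwxrwxrwx notation above is three triads, one each for the owning user, the owning group, and everyone else. The following added example (written for these notes, not code from the slides) converts between the nine permission bits and the rwx string and performs the classic user/group/other check. The `FileInfo` record and the sample files are constructed stand-ins for what `stat()` would report; they are not from the original page. One detail worth seeing in code: exactly one class applies, chosen by identity, so the owner is judged by the owner triad even when the group triad is more generous.

```python
import stat
from dataclasses import dataclass


@dataclass(frozen=True)
class FileInfo:
    """Constructed stand-in for the fields stat() would give us about a file."""
    path: str
    owner: str
    group: str
    mode: int  # the nine permission bits only, e.g. 0o640


# (bit, letter) for the three triads in order: user, group, other
_BITS = (
    (stat.S_IRUSR, "r"), (stat.S_IWUSR, "w"), (stat.S_IXUSR, "x"),
    (stat.S_IRGRP, "r"), (stat.S_IWGRP, "w"), (stat.S_IXGRP, "x"),
    (stat.S_IROTH, "r"), (stat.S_IWOTH, "w"), (stat.S_IXOTH, "x"),
)


def mode_to_rwx(mode: int) -> str:
    """Render the permission bits as the familiar rwxrwxrwx string."""
    return "".join(letter if mode & bit else "-" for bit, letter in _BITS)


def rwx_to_mode(rwx: str) -> int:
    """Inverse of mode_to_rwx; raises ValueError on a malformed string."""
    if len(rwx) != 9:
        raise ValueError("expected nine characters, e.g. rw-r-----")
    mode = 0
    for ch, (bit, letter) in zip(rwx, _BITS):
        if ch == letter:
            mode |= bit
        elif ch != "-":
            raise ValueError(f"unexpected {ch!r} in {rwx!r}")
    return mode


def is_allowed(f: FileInfo, user: str, groups: set, op: str) -> bool:
    """Classic user/group/other check. One class applies, chosen by identity,
    and that class alone decides: the owner is judged by the owner triad even
    if the group triad would grant more. op is one of 'r', 'w', 'x'."""
    column = {"r": 0, "w": 1, "x": 2}[op]
    triads = mode_to_rwx(f.mode)
    if user == f.owner:
        triad = triads[0:3]
    elif f.group in groups:
        triad = triads[3:6]
    else:
        triad = triads[6:9]
    return triad[column] != "-"


# Constructed sample files (hypothetical paths)
CONFIG = FileInfo("/srv/app/config.ini", owner="app", group="ops", mode=0o640)
# Owner triad denies everything while the group triad allows reads.
ODD = FileInfo("/srv/app/odd.log", owner="app", group="ops", mode=0o040)

if __name__ == "__main__":
    print(CONFIG.path, mode_to_rwx(CONFIG.mode))
    for who, grp in (("app", {"app"}), ("alice", {"ops"}), ("bob", {"users"})):
        print(who, "read:", is_allowed(CONFIG, who, grp, "r"),
              "write:", is_allowed(CONFIG, who, grp, "w"))
    print("owner of ODD can read:", is_allowed(ODD, "app", {"ops"}, "r"))
```

`CONFIG` is the least-privilege shape for a secret-bearing file: the service account that owns it can write, the operations group can read, and everyone else gets nothing.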

Network ACLs

• Access is controlled by the identifiers we use for network transactions, such as Internet Protocol (IP) addresses, Media Access Control (MAC) addresses, and ports.
• The simplest form of network-oriented access control is MAC address filtering.

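To make the network ACL idea concrete, here is an added example (written for these notes, not code from the slides) that evaluates an ordered rule list over the identifiers the bullets name: source IP, source MAC, and destination port. The `HOST_ACL` rules, the `Packet` records and the addresses are all constructed; they describe no real network. Two properties a practitioner looks for are shown: first match wins, so rule order matters, and anything that matches no rule falls through to an implicit deny. `mac_filter` is the MAC address filtering case; note that a MAC or IP address is an identifier the sender presents, not proof of who they are, which is why such filters are a coarse control rather than authentication.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """Constructed view of one connection attempt as an ACL sees it."""
    src_ip: str
    src_mac: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    src_net: Optional[str] = None   # CIDR; None matches any source
    dst_port: Optional[int] = None  # None matches any port
    src_mac: Optional[str] = None   # None matches any MAC

    def matches(self, pkt: Packet) -> bool:
        if self.src_net is not None:
            if ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(self.src_net):
                return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        if self.src_mac is not None and pkt.src_mac.lower() != self.src_mac.lower():
            return False
        return True


def evaluate(acl, pkt: Packet) -> str:
    """First matching rule wins; no match means deny (default-deny posture)."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"


def mac_filter(allowed_macs, pkt: Packet) -> str:
    """Simplest network ACL: an allow-list of MAC addresses."""
    allowed = {m.lower() for m in allowed_macs}
    return "allow" if pkt.src_mac.lower() in allowed else "deny"


# Constructed ACL for one host (hypothetical addresses): SSH only from the
# admin subnet, HTTPS from anywhere, one quarantined admin host blocked first.
HOST_ACL = [
    Rule("deny", src_net="10.0.0.66/32"),
    Rule("allow", src_net="10.0.0.0/24", dst_port=22),
    Rule("allow", dst_port=443),
]

if __name__ == "__main__":
    for pkt in (Packet("10.0.0.5", "aa:bb:cc:dd:ee:01", 22),
                Packet("10.0.0.66", "aa:bb:cc:dd:ee:02", 22),
                Packet("203.0.113.9", "aa:bb:cc:dd:ee:03", 22),
                Packet("203.0.113.9", "aa:bb:cc:dd:ee:03", 443),
                Packet("10.0.0.5", "aa:bb:cc:dd:ee:01", 3389)):
        print(pkt, "->", evaluate(HOST_ACL, pkt))
```

Swapping the first two rules would let the quarantined host back in over SSH, which is the usual way an ACL edit goes wrong in practice; a rule-order check belongs in the review of any ACL change.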

Capability-based security

• Oriented around the use of a token that controls our access.
• The right to access a resource is based entirely on possession of the token.

Confused deputy problem

• Common in systems that use ACLs.
• Seen when the software with access to a resource has a greater level of permission to access the resource than the user who is controlling the software.

Client-side attacks

• Attacks that take advantage of weaknesses in applications running on the computer operated directly by the user, often referred to as the client.

CSRF (cross-site request forgery)

• Attacks that misuse the authority of the browser on the user’s computer.

Clickjacking

• Also known as user interface redressing.

Access Control Methodologies

• Means by which we implement authorization and deny or allow access to parties, based on what resources we have determined they should be allowed access to.

Access Control Models

• Discretionary Access Control
• Mandatory Access Control
• Role-based Access Control
• Attribute-based Access Control
• Physical Access Controls

Discretionary Access Control

➢ Model of access control based on access being determined by the owner of the resource in question.

Mandatory Access Control

➢ Means by which we implement authorization and deny or allow access to parties, based on what resources we have determined they should be allowed access to.

Role-based Access Control

➢ Based on the role the individual being granted access is performing.

Attribute-based Access Control

➢ Logically based on attributes; example: CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart).

Physical Access Controls

➢ Access control for individuals often revolves around controlling movement into and out of the building or facilities.
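The four logical models listed above differ in who decides and on what basis. The following added example (written for these notes, not code from the slides) gives a minimal decision function for each so the differences are visible side by side: in DAC the object's owner grants; in MAC labels fixed by policy decide, and this example assumes a simple ordered-label rule (a subject may read an object only if its clearance is at least the object's classification), which the slides do not spell out; in RBAC permissions attach to roles and users to roles; in ABAC a policy evaluates attributes of the subject, resource and environment. The labels, roles, users, departments and the on-shift rule are all constructed for illustration.

```python
from dataclasses import dataclass, field


# ---- Discretionary Access Control: the owner of the object decides ----
@dataclass
class DacObject:
    name: str
    owner: str
    grants: dict = field(default_factory=dict)  # principal -> set of operations

    def grant(self, by: str, to: str, op: str) -> None:
        """Only the owner may extend access; anyone else is refused."""
        if by != self.owner:
            raise PermissionError("only the owner may grant access")
        self.grants.setdefault(to, set()).add(op)

    def allowed(self, who: str, op: str) -> bool:
        return who == self.owner or op in self.grants.get(who, set())


def dac_try_grant(obj: DacObject, by: str, to: str, op: str) -> bool:
    """True if the grant was accepted, False if refused."""
    try:
        obj.grant(by, to, op)
        return True
    except PermissionError:
        return False


# ---- Mandatory Access Control: labels set by policy, not by owners ----
# Assumed ordered-label policy for this example (not stated on the slides).
LEVELS = {"public": 0, "confidential": 1, "secret": 2}


def mac_can_read(clearance: str, classification: str) -> bool:
    """Read allowed only if the subject's clearance dominates the label."""
    return LEVELS[clearance] >= LEVELS[classification]


# ---- Role-Based Access Control: permissions attach to roles, users to roles ----
ROLE_PERMS = {
    "nurse": {"chart:read"},
    "doctor": {"chart:read", "chart:write"},
}
USER_ROLES = {"dana": {"doctor"}, "nia": {"nurse"}, "guest": set()}


def rbac_allowed(user: str, perm: str) -> bool:
    return any(perm in ROLE_PERMS.get(role, set())
               for role in USER_ROLES.get(user, set()))


# ---- Attribute-Based Access Control: a policy over attributes ----
def abac_allowed(subject: dict, resource: dict, action: str, env: dict) -> bool:
    """Constructed policy: departments must match, and writes are permitted
    only during the on-shift window (08:00 to 18:00) taken from the environment."""
    if subject.get("department") != resource.get("department"):
        return False
    if action == "write" and not 8 <= env.get("hour", -1) < 18:
        return False
    return action in ("read", "write")


if __name__ == "__main__":
    budget = DacObject("budget.xlsx", owner="alice")
    print("DAC bob before grant:", budget.allowed("bob", "read"))
    print("DAC bob self-grant accepted:", dac_try_grant(budget, "bob", "bob", "read"))
    print("DAC alice grants bob:", dac_try_grant(budget, "alice", "bob", "read"),
          "->", budget.allowed("bob", "read"))
    print("MAC secret reads confidential:", mac_can_read("secret", "confidential"))
    print("MAC public reads secret:", mac_can_read("public", "secret"))
    print("RBAC dana writes chart:", rbac_allowed("dana", "chart:write"))
    print("RBAC nia writes chart:", rbac_allowed("nia", "chart:write"))
    er = {"department": "ER"}
    print("ABAC ER write at 10h:", abac_allowed(er, er, "write", {"hour": 10}))
    print("ABAC ER write at 22h:", abac_allowed(er, er, "write", {"hour": 22}))
```

Notice where each model's weakness sits: DAC depends on every owner making good grants, MAC needs labels assigned correctly up front, RBAC drifts when users accumulate roles, and ABAC is only as sound as the attributes fed into it.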
