FIT2093 Lecture Notes - Lecture 3: Mandatory Access Control, Discretionary Access Control, Job

Lecture 3 - Access Control and Security Models
Access Control: the prevention of unauthorised use of a resource, including the prevention of use
of a resource in an unauthorised manner
-Central element of computer security
-Limits users to only IT resources they need to perform their tasks
-Assumes users and groups that:
-Authenticate to the system
-Are assigned access rights to certain resources on the system
-Can be specified by:
-Discretionary Access Control (DAC): controlled by who owns the object
Controls access based on the identity of the requestor and on access rules (authorisations)
stating what requestors are (or are not) allowed to do
-Mandatory Access Control (MAC): apply standard control to every subject (users)
Controls access based on comparing security labels with security clearances
-Role-Based Access Control (RBAC): apply control based on what their job (role) is
Controls access based on the roles that users have within the system and on rules stating
what accesses are allowed to users in given roles
Access Control Elements:
-Subject: an entity that can access objects
-Object: access controlled resource
-Access right: way in which subject accesses an object
-Access rights describe the way in which a subject may access an object
Subject —> Access Request —> Reference Monitor —> Object
-Reference monitor: an abstract system part that mediates and controls access requests
Access Control-Security
Access Control Matrix (ACM):
-Defines the subjects (users), objects (information or resources) and type of access
-Combination of these three defines an authorisation rule/access rule
-Not practical since the matrix is usually sparse, leading to lots of wastage and redundancy
Access Control List (ACL): focus on the object
-For each object specifies the subjects and their access operations
-Simple to implement but difficult to manage
Example ACM (Objects: File A, Program A, Directory X)
Subject   Access rights
Sam       R,W   RWX
Alice     R     RW
Bob       W     -

Example ACL for File A
Subject   File A
Sam       R,W
Alice     R
Bob       W
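
The ACM, ACL and reference monitor described above, as an added example that is not part of the original lecture notes. The File A rights are the ones from the notes' ACL table; the objects "Payroll DB" and "Backup Script", the subject "Carol" and all function names are assumptions made for illustration.

```python
# Added example: sparse ACM, per-object ACLs, and a default-deny reference monitor.
from collections import defaultdict

# File A rights come from the notes' ACL table; the "Payroll DB" and
# "Backup Script" entries are constructed sample data.
ACM = {
    ("Sam", "File A"): {"R", "W"},
    ("Alice", "File A"): {"R"},
    ("Bob", "File A"): {"W"},
    ("Sam", "Backup Script"): {"R", "W", "X"},
    ("Alice", "Payroll DB"): {"R", "W"},
}
SUBJECTS = ["Sam", "Alice", "Bob", "Carol"]  # Carol (constructed) holds no rights
OBJECTS = ["File A", "Payroll DB", "Backup Script"]


def acls_from_acm(acm):
    """Column view of the matrix: for each object, its subjects and their rights."""
    acls = defaultdict(dict)
    for (subject, obj), rights in acm.items():
        if rights:  # empty cells are simply not stored in an ACL
            acls[obj][subject] = set(rights)
    return dict(acls)


def empty_cells(acm, subjects, objects):
    """Cells a full subjects x objects matrix would store with no rights in them."""
    return sum(1 for s in subjects for o in objects if not acm.get((s, o)))


def reference_monitor(acls, subject, obj, right):
    """Mediate one access request; anything not explicitly granted is denied."""
    return right in acls.get(obj, {}).get(subject, set())


if __name__ == "__main__":
    acls = acls_from_acm(ACM)
    print("ACL for File A:", acls["File A"])
    total = len(SUBJECTS) * len(OBJECTS)
    print("empty matrix cells:", empty_cells(ACM, SUBJECTS, OBJECTS), "of", total)
    requests = [("Sam", "File A", "W"), ("Alice", "File A", "W"),
                ("Carol", "File A", "R"), ("Bob", "No Such File", "R")]
    for req in requests:
        print(req, "->", "allow" if reference_monitor(acls, *req) else "deny")
```

The empty-cell count shows the wastage the notes attribute to a full matrix, and the unknown subject and unknown object both fall through to deny.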