Types of Access Control
Non-discretionary access control
Access is set and controlled by the overall security
administrator.
Users do not have the capability to change, modify or set
the ownership/access to objects
Mandatory access control
The system owner sets the access levels and users are put
into different categories with different access levels.
Famous example: SELinux
Discretionary Access Control – DAC
Owner of the object decides the level of privilege that a
user can have
RSBAC – rule-set based access control
Ø
Linux-based.
Ø
Exists since 1996, active development since 2000
Ø
Works at kernel level
Ø
Based on GFAC – generalized framework for access
control
Several modules:
·
MAC – Mandatory access control
·
PM – Primary module
·
FC – Function control module
·
FF – File flag module
·
MS – Malware scan module
·
RC – Role compatibility module
·
SIM – Security information modification module
·
Auth – Authentication module
·
ACL – Access control list module
RBAC – role based access control
Access is based on the role that a certain user has – access
level to which is decided by the owner
CUI – constrained user interface
Ø
The user is only shown the options that he is
allowed access to.
Ø
Similar to VBAC – view-based access control.
The user is only shown a view that displays options
available at his access-level
CDAC – content dependent access control
Ø
Based on GFAC
Ø
Access is granted or denied based on the content
and its level of secrecy or sensitivity.
CBAC – context-based access control
Ø
Works on context, or sequence of events that are
detectable.
Ø
Mostly used in Firewalls.
Ø
Could be used to deny access based on how many
requests are being sent in for access to a certain object. Or what sequence the
requests are coming in.
TRBAC – Temporal role based access control
Ø
Time-based and Roles based.
Ø
The role is based on time that has been decided
by the owner.
Ø
Could be a certain time-zone or a certain
time-based window that the access is based upon.
No comments:
Post a Comment