Access control
Access control is specifying which subjects have permission to access which objects. A subject is something that wants to access an object. An object is something that needs to be accessed.
Principles of access control
- Least privilege - Only give the least permission necessary
- Fail-safe defaults - Assume the subject doesn't have permission by default
Storing permissions
Access Control List
An Access Control List (ACL) lists which subjects have permission to access an object.
Capability list
A capability list states the permissions a subject has for each object.
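ACLs and capability lists hold the same permissions indexed differently, by object and by subject. The sketch below is an added example, not part of the original notes; it converts one form to the other and checks access with a fail-safe default. The subject, object and permission names are constructed sample data, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample data. ACL view: object -> {subject: permissions}.
ACLS = {
    "payroll.db": {"alice": {"read", "write"}, "bob": {"read"}},
    "audit.log": {"carol": {"read"}},
}

def to_capability_lists(acls):
    """Re-index per-object ACLs as per-subject capability lists."""
    caps = defaultdict(dict)
    for obj, entries in acls.items():
        for subject, perms in entries.items():
            caps[subject][obj] = set(perms)
    return dict(caps)

def acl_allows(acls, subject, obj, perm):
    """Start from the object; any missing entry means deny."""
    return perm in acls.get(obj, {}).get(subject, set())

def cap_allows(caps, subject, obj, perm):
    """Start from the subject; any missing entry means deny."""
    return perm in caps.get(subject, {}).get(obj, set())

def views_agree(acls, caps, subjects, objects, perms):
    """True if both representations give the same decision everywhere."""
    return all(
        acl_allows(acls, s, o, p) == cap_allows(caps, s, o, p)
        for s in subjects for o in objects for p in perms
    )

if __name__ == "__main__":
    caps = to_capability_lists(ACLS)
    print("alice's capabilities:", caps["alice"])
    print("who can access payroll.db:", ACLS["payroll.db"])
    print("bob write payroll.db:", acl_allows(ACLS, "bob", "payroll.db", "write"))
    print("mallory read audit.log:", cap_allows(caps, "mallory", "audit.log", "read"))
```

The ACL answers "who can access this object?" in one lookup, while the capability list answers "what can this subject access?" in one lookup; the other question requires scanning every entry.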
Multi-level security
Multi-level security concerns systems in which there are multiple security levels. Each object is assigned a classification and each subject is assigned a clearance.
Access control models
- Discretionary access control - controls are set by the owners of an object
- Mandatory access control - policy enforced by the administrators
- Role-based access control - Permissions are based on roles. A user acquires permission by obtaining roles