Access Controls

---

Access controls are tools and systems used to deny or allow access.

• Protect against:
  • Unauthorized access
  • Unapproved modification of data
  • Lack of data confidentiality
• 4 tasks of access controls:
  • Allowing access
  • Denying access
  • Limiting access
    • E.g., Sandbox
  • Revoking access

Types of Access Controls

• Logical Access Controls
  • technological implementations
• Physical Access Controls
  • measures taken to control access to physical areas or facilities
  • often deal with controlling the movement of individuals and vehicles
  • issues:
    • Tailgating and Piggybacking
  • defense:
    • Mantrap is a physical mechanism designed to control access to a secure area from a non-secure area through the use of a buffer zone.

Implementing Access Controls

• 2 ways:
  • Access Control Lists (ACL)
  • Capabilities

Access Control Models

Access control models describe the principles that govern who (subjects) should be allowed access to what resources (objects).

• Subjects are users and groups that access an object
• Objects are things such as files, folders, network shares, printers, applications, etc

Logical Access Control Models

• Discretionary Access Control (DAC)
• Mandatory Access Control (MAC)
• Rule-Based Access Control (RuBAC)
• Role-Based Access Control (RBAC)
• Attribute-Based Access Control (ABAC)
• Multilevel Access Control