Authorization and Access Controls

---

Goals

• Define authorization
• Define the principle of least privilege
• Define access control
• Identify access control list types (e.g., file system and network)
• Define the confused deputy problem and its common uses, including cross-site request forgery (CSRF) and clickjacking
• Define capability-based security
• Compare access control models
• Differentiate between authorization and access control
• Identify cybersecurity concepts and principles that protect critical information (e.g., intellectual property, files)

After receiving a subject’s claim of identity and established whether that claim is valid, you then have to decide whether to allow a party access to resources.

• achieved by authorization and access controls

Authorization

• Authorization

Access Controls

• Access Controls
  • Types of Access Controls
  • Access Control Lists (ACL)
  • Capabilities
  • Access Control Models
    • Discretionary Access Control (DAC)
    • Mandatory Access Control (MAC)
    • Rule-Based Access Control (RuBAC)
    • Role-Based Access Control (RBAC)
    • Attribute-Based Access Control (ABAC)
    • Multilevel Access Control