
Access Control Strategies

Access control models are based on requirements, technology, and implementations. Different types of access control models exist. The most popular are Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role Based Access Control (RBAC), and Attribute Based Access Control (ABAC).

Discretionary Access Control (DAC)

In this model, access control is based on the owner's discretion. The owner of the resource decides to whom to grant access and exactly what they are allowed to access. This is the most common model, used in most file-sharing utilities in both Microsoft operating systems and UNIX. The chmod command in UNIX lets the owner change a file's permissions and so share it with other users. In DAC, permission is granted to those who need access, and it is classified as a “need-to-know” access model. One example of this type of implementation is Access Control Lists (ACLs).

Mandatory Access Control (MAC)

In the Mandatory Access Control (MAC) model, shown in Figure 4-2, usually a group or a set of people are provided access based on the clearance given to a specific level of access depending on the classification of information/data. For example, data that is “top secret” is available to a set of people based on their clearance level to access “top secret” documents. Such people also have clearance to access lower level classified information, but lower level cleared employees will not have access to a higher level of classified information. This does not grant them access without any restriction. In such a system, they are required to access the documents or information only on a “need-to-know” or on a “need-to-use” basis to fulfil their job related responsibilities. We can often find this model implemented in government organizations where the access depends on the sensitivity of the documents (secret, top secret, etc.), and the responsibilities of the individuals who are working on the project are clearly defined.

Figure 4-2. Example of a Mandatory Access Control
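The two conditions described above (clearance at or above the classification, plus need-to-know) can be written as a single read check. This is an added example, not code from the handbook; the level ordering, the two lower labels, and the project names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Ordered sensitivity levels. "secret" and "top secret" come from the text;
# the two lower labels and the ordering are assumptions.
LEVELS = ["unclassified", "confidential", "secret", "top secret"]

@dataclass(frozen=True)
class Subject:
    name: str
    clearance: str
    need_to_know: frozenset = frozenset()   # projects the person works on

@dataclass(frozen=True)
class Document:
    title: str
    classification: str
    project: str

def mac_read_decision(subject, doc):
    """Return (allowed, reason). Labels are assigned centrally, not by the owner."""
    if subject.clearance not in LEVELS or doc.classification not in LEVELS:
        return False, "unknown label"       # fail closed on unrecognised labels
    if LEVELS.index(subject.clearance) < LEVELS.index(doc.classification):
        return False, "clearance below classification"
    if doc.project not in subject.need_to_know:
        # A high clearance alone is not enough: access is still need-to-know.
        return False, "no need-to-know"
    return True, "cleared and need-to-know"

# Constructed sample data (hypothetical people and projects).
ALICE = Subject("alice", "top secret", frozenset({"apollo"}))
BOB = Subject("bob", "confidential", frozenset({"apollo"}))
DESIGN = Document("design notes", "top secret", "apollo")
BUDGET = Document("budget", "secret", "zeus")
```
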

Role-Based Access Control (RBAC)

As the name suggests, access control is granted based on the roles and responsibilities of an individual working in the organization, that is, on a “need-to-do” or a “need-to-use” basis as shown in Figure 4-3. For example, an engineer's role would be restricted to accessing design documents and software. He can add, delete, or modify his own data or code but cannot access the project level or production data. Also, he will not have access to the HR database or financial database. To cite another example, a customer service representative might require access to payment status, shipping details, or previous order history in order to assist customers, and may have “read” only access to such data as he is not required to modify these. Similarly, a system administrator will have more privileged access to the system than the rest of the employees. However, a system administrator may not have “root” access and password, because it has been restricted by his manager. RBAC is the best system for a company that has a high employee turnover.

Figure 4-3. A Role Based Access Control

Attribute Based Access Control

Access can be granted using attributes: subject attributes like identity and roles; object attributes like device name, file, record, table, applications, programs, and network; and environment conditions like location, time, and the like, as shown in Figure 4-4. When the role assigned to a subject is used as the single attribute to control access, it is known as Role Based Access Control (RBAC). Attribute Based Access Control (ABAC) provides access on the basis of multiple attributes. NIST Special Publication 800-162,¹ “Guide to Attribute Based Access Control (ABAC) Definition and Considerations,” defines ABAC as “an access control method where subject requests to perform operations on objects are granted or denied based on assigned attributes of the subject, assigned attributes of the object, environmental conditions, and a set of policies that are specified in terms of those attributes and conditions.”

Figure 4-4. ABAC Access Control Mechanism

Unlike identity based ACLs and role based RBAC, ABAC does not attach access to either subjects or roles directly. ABAC can dynamically check various rules based on the subjects, objects, and other attributes specified, and decides whether to grant access according to a set of rules or policies specified in terms of those attributes and conditions. Rules or policies decide what operations are allowed for which type of subject on which type of objects and under what conditions. Operations include read, write, delete, modify, edit, and execute. ABAC allows policies, subjects, and objects to be created and managed separately, yet relates them dynamically when access is granted. Access Control Mechanisms decide whether or not to grant access based on the applicable policies and attributes. In the current global corporate setup, with its diversity and complicated structures and with multiple organizations working together collaboratively, subject based and role based access control policies are difficult to implement effectively with respect to the intent of access controls. Of course, ABAC is not as simple and straightforward to implement. It is complex but very useful in providing better access controls. Some examples of ABAC are the Extensible Access Control Markup Language (XACML) and the Next Generation Access Control standard.¹
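The decision step described above can be sketched as a small policy evaluator that denies by default and grants only when a policy matches the subject, object, operation, and environment. This is an added example, not code from the handbook or from XACML; the policy names, attribute names, and working hours are hypothetical. The first policy shows RBAC as the special case in which the role is the only attribute consulted.

```python
from datetime import time

# Policies are managed separately from subjects and objects and are related
# to them only at decision time. All names and values here are hypothetical.
POLICIES = [
    {   # RBAC expressed as ABAC: the role is the only subject attribute used
        "name": "support-read-orders",
        "operations": {"read"},
        "subject": lambda s: s.get("role") == "customer_service",
        "object": lambda o: o.get("type") == "order_history",
        "environment": lambda e: True,
    },
    {   # Multi-attribute rule: role, object type, location, time, project match
        "name": "engineer-edit-own-project",
        "operations": {"read", "modify"},
        "subject": lambda s: s.get("role") == "engineer",
        "object": lambda o: o.get("type") == "design_document",
        "environment": lambda e: e.get("location") == "office"
        and time(8, 0) <= e.get("time", time(0, 0)) <= time(18, 0),
        # Relation between subject and object attributes
        "relation": lambda s, o: s.get("project") == o.get("project"),
    },
]

def decide(subject, obj, operation, environment, policies=POLICIES):
    """Return the name of the first policy that permits the request,
    or None when no policy matches (deny by default)."""
    for policy in policies:
        if operation not in policy["operations"]:
            continue
        if not (policy["subject"](subject) and policy["object"](obj)
                and policy["environment"](environment)):
            continue
        if not policy.get("relation", lambda s, o: True)(subject, obj):
            continue
        return policy["name"]
    return None
```
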
