LECTURE_03
ACCESS CONTROL
INTRODUCTION
Access control involves the process and mechanisms used to
restrict access to computing resources. It is the ability to allow
only authorized users, programs or processes to access a system
or resource.
Logical level
Limit connection to computer network, digital
infrastructure, systems files, data and services.
• Web Browsers: When you browse a web site and run JavaScript code from
that web site, the browser has to control what that JavaScript code can
access and what it cannot access. For example, code from one web site
cannot access the cookies of another web site, and it cannot modify the
contents of another web site either. These controls are enforced by the
browser’s access control.
Subject
Also known as requestor
Human or non-person entity (NPE)
Making request to access resource
ACCESS REQUEST FLOW
Resource
Also known as object
Protected from unauthorized use
Something the system has or does
– Data
– Functionality
– Hardware
ACCESS REQUEST FLOW
Authorization
Allow an authenticated subject
Access to a resource
Allow or deny
Subject action on object (CRUD)
ACCESS REQUEST FLOW
Object sensitivity
Subject security level or clearance
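The access request flow above as a small default-deny decision function. This is an added example, not part of the original lecture. The level names, the rule that clearance must be at least the object's sensitivity, the per-subject CRUD list and all sample data are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum, IntEnum

class Action(Enum):                     # subject action on object (CRUD)
    CREATE = "create"
    READ = "read"
    UPDATE = "update"
    DELETE = "delete"

class Level(IntEnum):                   # assumed ordering of labels
    PUBLIC = 0
    INTERNAL = 1
    SECRET = 2

@dataclass(frozen=True)
class Subject:                          # requestor: human or NPE
    name: str
    clearance: Level
    authenticated: bool = False

@dataclass
class Resource:                         # object: data, functionality, hardware
    name: str
    sensitivity: Level
    acl: dict = field(default_factory=dict)   # subject name -> allowed Actions

def authorize(subject, action, resource):
    """Return (allowed, reason). Anything not explicitly granted is denied."""
    if not subject.authenticated:
        return False, "subject not authenticated"
    if subject.clearance < resource.sensitivity:    # assumed comparison rule
        return False, "clearance below object sensitivity"
    if action not in resource.acl.get(subject.name, set()):
        return False, "action not granted"
    return True, "allowed"

# Constructed sample data
payroll = Resource("payroll.db", Level.SECRET,
                   {"alice": {Action.READ, Action.UPDATE},
                    "backup-svc": {Action.READ}})
alice = Subject("alice", Level.SECRET, authenticated=True)
backup = Subject("backup-svc", Level.INTERNAL, authenticated=True)   # NPE
unauth = Subject("alice", Level.SECRET, authenticated=False)

if __name__ == "__main__":
    for s, a in [(alice, Action.READ), (alice, Action.DELETE),
                 (backup, Action.READ), (unauth, Action.READ)]:
        print(s.name, a.value, authorize(s, a, payroll))
```

The order of the checks mirrors the slides: authentication comes first, then the sensitivity and clearance comparison, then the per-action allow or deny.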
Questions?