
Access Control Models

Access Control
 The process by which access to resources or services on a computer system or a network is either granted or denied
 Standard access control models as well as specific practices are used to enforce access controls
Access Control Elements
 Object – resource(s) to be protected (e.g. file, folder, program etc.)
 Subject – user trying to access the object (e.g. owner, end user or custodian)
 Operations or Access Rights – action being attempted (read, write, execute etc.)
 Access Control Matrix (next slide)
 Access Control List (next …)
Access Control Matrix
Set of Subjects, S, and Objects, O, with given rights

subject --request--> reference monitor --allow/deny--> object

Objects: File 1, File 2, File 3, …, File n
Subjects:
User 1: {r} {w} {share}
User 2: {w} {w} {r} {exe}
User 3: {r} {w}
…: {exe}
User k: {r} {r} {r,w} {r} {w}
Drawbacks of access control matrix
 The number of subjects/objects may be very large
 Many entries may be blank
 One central matrix is modified every time subjects/objects are created/deleted or rights are modified
 Even a small, unnecessary change can result in access inconvenience
Access control list (ACL)
Ideally, one list per object showing all subjects with access rights
• Missing subjects are given “default” access
• Easy to make an object public

subject --request--> reference monitor --allow/deny--> object

object: S1: {r, w}, S2: {w}, S3: {r, w}, S4: {}
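The matrix and ACL slides above describe the same decision from two views; this added example (not from the slides, with constructed subject, object and right names) builds a small matrix, a reference monitor that consults it, and the per-object ACL taken from one column:

```python
# Added example, not from the slides: an access control matrix, a reference
# monitor that consults it, and per-object ACLs derived from its columns.
# Subject, object and right names are constructed sample values.

# Rows are subjects, columns are objects, cells are sets of rights.
# Blank cells (one of the drawbacks noted above) are simply absent entries.
MATRIX = {
    "User 1": {"File 1": {"r"}, "File 2": {"w"}, "File 3": {"share"}},
    "User 2": {"File 1": {"w"}, "File 2": {"w"}, "File 3": {"r"}, "File n": {"exe"}},
    "User 3": {"File 2": {"r"}, "File 3": {"w"}},
    "User k": {"File 1": {"r"}, "File 2": {"r"}, "File 3": {"r", "w"}, "File n": {"w"}},
}


def reference_monitor(subject, right, obj, matrix=MATRIX):
    """Allow only if the cell for (subject, obj) contains the right.

    An unknown subject, an unknown object or a blank cell all fall through
    to deny, so nothing is granted that was not explicitly listed."""
    return right in matrix.get(subject, {}).get(obj, set())


def acl_for(obj, matrix=MATRIX, default=frozenset()):
    """Column view of the matrix: the ACL of one object, subject -> rights.

    Subjects with no cell for obj get the object's default rights (none here),
    which is the "missing subjects given default access" case."""
    return {s: set(rows.get(obj, default)) for s, rows in matrix.items()}


def acl_allowed(acl, subject, right):
    """The same decision made from the object's ACL instead of the matrix."""
    return right in acl.get(subject, set())


def make_public(acl, right):
    """Making an object public is one change to its own list: every subject
    gets the right, without touching any other object."""
    return {s: rights | {right} for s, rights in acl.items()}
```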
Access Control Process
 Identification
 Computer or network users are identified by a unique identity such as a user name.
 Authentication
 Checking the user’s login information to be sure that it is authentic and not fabricated, usually using a password
 Authorization or Access
 Granting permission to take the action on resources (file, folder, program)
 Custodian or Administrator
 The person who reviews security settings or rights
Authentication vs. Authorization
 Authentication
 Checking the identity of a user, e.g. user name and password
 May also involve verification of IP address, machine name, session, etc.
 Determines whether a user is allowed to access the system at all
 Authorization
 Assuming the identity of the user is known, determines whether some specific action is allowed
Access Control Models or Policies
 Discretionary (dɪˈskrɛʃ(ə)n(ə)ri) Access Control (DAC)
 Mandatory Access Control (MAC)
 Role-Based or Non-Discretionary Access Control
 Rule-Based Access Control (Rule-BAC)
Discretionary Access Control (DAC)
 The least restrictive mechanism
 It uses the identity of the subject to decide whether to grant or deny any access to any object
 All access rights to an object are set by the object owner
 In DAC, an end user can also change the permissions of other subjects over objects
 Most commonly used in commercial operating systems
 Generally less secure than mandatory control
 Generally easier to implement and more flexible
 Includes:
 Identity-based access control
 Access control lists (ACLs)
DAC Has Significant Weaknesses
 An end user can also set access rights for other users over an object.
 A subject’s permissions are automatically “inherited” by other programs that the subject executes
 DAC is more labor intensive than MAC
Mandatory Access Control (MAC)
 The most restrictive mechanism
 It assigns a security label (secret, top secret etc.) to each subject and object and then compares both labels to determine whether to grant or deny access.
 The end user cannot implement, modify, or transfer any controls.
 Mostly used in military environments
DAC vs. MAC
 DAC provides access based on identity
 DAC is more labor intensive than MAC
 DAC is more flexible than MAC
 DAC access can also be set by the end user.
 DAC provides the least restrictive security mechanism
 MAC provides the most restrictive security mechanism
 MAC provides access based on levels/labels
 MAC access can only be changed by admins
 MAC is mostly used in military environments
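To make the DAC/MAC contrast concrete, this added example (not from the slides) protects one object under each model; the user and label names, and the rule that a subject may read at or below its clearance and write at or above it, are assumptions, since the slides only say the two labels are compared:

```python
# Added example, not from the slides: one object protected under DAC and one
# under MAC. Names, the labels and the label-comparison rule are assumptions.

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


class DacObject:
    """DAC: rights are decided by identity and set by the object's owner,
    who may also hand rights to other subjects."""

    def __init__(self, owner):
        self.owner = owner
        self.acl = {owner: {"r", "w"}}

    def grant(self, requester, subject, right):
        if requester != self.owner:        # only the owner changes the ACL
            return False
        self.acl.setdefault(subject, set()).add(right)
        return True

    def allowed(self, subject, right):
        return right in self.acl.get(subject, set())


class MacPolicy:
    """MAC: the administrator labels subjects and objects; end users cannot
    change labels. Assumed rule: a subject may read an object whose label is
    at or below its own clearance, and write only to an object labelled at or
    above it, so labelled data never flows to a lower level."""

    def __init__(self, admin):
        self.admin = admin
        self.labels = {}

    def set_label(self, requester, name, level):
        if requester != self.admin or level not in LEVELS:
            return False
        self.labels[name] = level
        return True

    def allowed(self, subject, right, obj):
        s = LEVELS.get(self.labels.get(subject))
        o = LEVELS.get(self.labels.get(obj))
        if s is None or o is None:         # anything unlabelled is denied
            return False
        if right == "r":
            return s >= o
        if right == "w":
            return s <= o
        return False
```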
Role-Based Access Control
 Access based on ‘role’, not identity
 Many-to-many relationship between users and roles
 Roles often static
 Different roles are set for each user and access depends on the set role, not directly on the user.
 A user’s rights can change depending on their current role
 More recent proposal: role-users and roles-object access matrix
Role Based Access Control (RBAC) model
 Sometimes called Non-Discretionary Access Control
 Used in Windows corporate domains
 Considered a more “real world” approach than the other models
 Assigns permissions to particular roles in the organization, such as a “Manager role”, and then assigns users to that role
 Objects are set to be a certain type, to which subjects with that particular role have access
Rule based Access Control
 Access to an object is either granted or denied on the basis of specified predefined rules such as:
 If the day is between Monday and Wednesday
 Time between 11:00 AM and 2:00 PM
 Location is Pakistan
Advantages:
Very flexible and can be combined with other models
Example: Firewalls grant access to a packet using rule based access control policies.
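The RBAC slides and the rule-based slide above fit together as the latter says: this added example (not from the slides) decides a request from a role-users / roles-object matrix and then applies the slide's three rules on top of it. Users, roles, objects and the request context are constructed sample values, and the 2:00 PM boundary is treated as exclusive.

```python
# Added example, not from the slides: RBAC (users -> roles -> permissions)
# with rule-based conditions layered on top. Roles, permissions and the
# request context are constructed sample values.
from datetime import datetime

# Many-to-many: a user may hold several roles and a role may have many users.
USER_ROLES = {
    "amna": {"manager", "analyst"},
    "bilal": {"analyst"},
    "chen": {"auditor"},
}

# Roles-object access matrix: permissions attach to roles, never to users.
ROLE_PERMS = {
    "manager": {"payroll.xlsx": {"r", "w"}, "report.doc": {"r", "w"}},
    "analyst": {"report.doc": {"r", "w"}},
    "auditor": {"payroll.xlsx": {"r"}, "report.doc": {"r"}},
}


def rbac_allowed(user, right, obj):
    """Grant if any role held by the user carries the right on the object;
    an unknown user holds no roles and is therefore denied."""
    return any(right in ROLE_PERMS.get(role, {}).get(obj, set())
               for role in USER_ROLES.get(user, set()))


# The slide's rules: Monday to Wednesday, 11:00 AM to 2:00 PM, location Pakistan.
RULES = [
    lambda ctx: ctx["when"].weekday() <= 2,      # Monday=0 .. Wednesday=2
    lambda ctx: 11 <= ctx["when"].hour < 14,     # 11:00 up to (not incl.) 14:00
    lambda ctx: ctx["location"] == "Pakistan",
]


def allowed(user, right, obj, ctx):
    """Combined decision: the role matrix and every rule must agree, so any
    condition that is not clearly met results in denial (implicit deny)."""
    return rbac_allowed(user, right, obj) and all(rule(ctx) for rule in RULES)
```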
Roles in Access Control
Best Practices for Managing Access Control
 Separation of duties
 More than one person should complete an important task
 No single person should control money or other essential resources alone.
 Network administrator(s) often have too much power and responsibility
 Job Rotation
 Individuals should periodically be moved from one job responsibility to another
Best Practices for Access Control
 Least privilege
 Each user should be given only the minimal amount of privileges necessary to perform his or her job function
 Implicit (Fully) deny
 If a condition is not clearly met, access is denied
 For example, web filters typically block unrated sites
Physical Access Control
 Physical access control primarily protects computer equipment
 Designed to prevent unauthorized users from gaining physical access to equipment in order to use, steal, or damage it.
 Physical access control includes computer security, door security, mantraps, video surveillance, and physical access logs
Physical Computer Security
 Rack-mounted servers
 A rack server, also called a rack-mounted server, is a computer dedicated to use as a server and designed to be installed in a metal frame called a rack. The rack contains multiple mounting slots called bays, each designed to hold a hardware unit secured in place with screws.
 4.45 centimeters (1.75 inches) tall
 KVM (Keyboard, Video, Mouse) Switch
 Needed to connect to the servers
 Can be password-protected
Rack-mounted server’s Metal Framework
KVM Switch
Door Security
 Hardware locks
 Preset lock
 Also known as the key-in-knob lock
 The easiest to use because it requires only a key for
unlocking the door from the outside
 Automatically locks behind the person, unless it has
been set to remain unlocked
 Security provided by a preset lock is minimal
Cipher Lock
 Combination locks that use buttons that
must be pushed in the proper sequence to
open the door
 Can be programmed to allow only the
code of certain individuals to be valid on
specific dates and times
 Cipher locks also keep a record of when
the door was opened and by which code
 Cipher locks are typically connected to a networked computer system
 Can be monitored and controlled from one
central location
Cipher Lock Disadvantages
 Basic models can cost several hundred
dollars while advanced models can be even
more expensive
 Users must be careful to conceal which
buttons they push to avoid someone seeing
or photographing the combination
Tailgate Sensor
 Uses infrared beams that are
aimed across a doorway
 Can detect if a second person
walks through the beam array
immediately behind
(“tailgates”) the first person
without presenting
credentials.
Mantrap
 Before entering a secure area, a person must enter the
mantrap
 A small room like an elevator
 If their ID is not valid, they are trapped there until the police
arrive
 Mantraps are used at high-security areas where only
authorized persons are allowed to enter
 Such as sensitive data processing areas, cash handling
areas, critical research labs, security control rooms, and
automated airline passenger entry etc.
Physical Access Log
 A record or list of individuals who entered a secure
area, the time that they entered, and the time they
left the area
 Can also identify if unauthorized personnel have
accessed a secure area
 Physical access logs originally were paper documents
 Today, door access systems and physical tokens can
generate electronic log documents
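Electronic door-access logs make the review described above mechanical; this added example (not from the slides) parses a constructed badge log and reports entries by badges that are not on the authorised list and badges that entered but never left. The log format, badge ids and authorised list are all constructed for the example.

```python
# Added example, not from the slides: reviewing an electronic door-access log.
# The log lines, badge ids and authorised list are constructed sample data.
from datetime import datetime

AUTHORISED = {"B100", "B101"}      # badges allowed into the secure area

# Constructed log: date, time, badge, direction. B102 is not authorised, and
# B101 enters but never leaves.
LOG = """\
2024-01-02 09:00 B100 IN
2024-01-02 09:05 B101 IN
2024-01-02 09:10 B102 IN
2024-01-02 09:30 B100 OUT
garbage line that should be skipped
2024-01-02 09:40 B102 OUT
"""


def parse_log(text):
    """Yield (time, badge, direction) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("IN", "OUT"):
            continue
        when = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M")
        yield when, parts[2], parts[3]


def review(text, authorised=AUTHORISED):
    """Return unauthorised entries, badges still inside at the end of the log,
    and completed visits as (badge, entered, left)."""
    unauthorised, inside, visits = [], {}, []
    for when, badge, direction in parse_log(text):
        if direction == "IN":
            if badge not in authorised:
                unauthorised.append((when, badge))
            inside[badge] = when
        else:
            entered = inside.pop(badge, None)
            if entered is not None:
                visits.append((badge, entered, when))
    return {"unauthorised": unauthorised,
            "still_inside": sorted(inside),
            "visits": visits}
```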
