Lecture 3 - Access Control Basics Flashcards
What is access control?
a security policy specifying who or what may have access to each specific system resource and the type of access permitted in each instance
What are the 3 processes of access control?
- authentication
- authorization
- audit
What is authentication?
verification that the credentials of the user or other system entity are valid
- can the entity access the system at all?
What is authorization?
the granting of a right or permission to a system entity to access a system resource. This determines who is trusted for a given purpose.
- can the specific resource be served to this entity?
What is an audit?
an independent review and examination of system records and activities
- keeps access records
An access control mechanism mediates between…
a user and system resources, e.g. apps, OS, firewalls, routers, files and DBs.
What are the basic elements of access control?
- object
- subject
- access right
What is an object?
resource to which access is controlled
What is a subject? Some examples?
an entity capable of accessing objects (owner, group, world -> these are the 3 basic ones)
What is an access right?
describes the way in which a subject may access an object
- read, write, execute, delete, create, search
What is an access control policy?
dictates what types of access are permitted, under what circumstances, and by whom.
What are the 4 groups of access policies?
- Discretionary access control
- Mandatory access control
- Role-Based access control
- Attribute-Based access control
Are access policies mutually exclusive?
No, an access control mechanism can employ two or even all three of these policies to cover different classes of system resources.