Definitions
Here are some basic definitions of terms that are most frequently used in access control:
- Subject Active entity that requests access to an object or the data within an object. The subject is the actor.
- Object Passive entity being accessed, or the item being acted upon.
- Access Ability of a subject to do something, such as read, create, delete or modify. Access is also considered the flow of information between a subject and object.
- Access control Security features that control how subjects and objects communicate and interact with each other and the flow of information.
Access Control Properties
There are three important features of access control:
- Identification
- Authentication
- Authorization
Identification is the act of a subject (user, program or process) claiming an identity, so that accountability can be tied to that identity; it does not by itself prove the claim. Examples of identification mechanisms are a username, an account number or the identifier stored on a memory card.
Authentication is the second part of the credential set: verifying that the subject is the entity it claims to be. Mechanisms include passphrases, passwords, cryptographic keys, PINs and tokens.
Authorization is the process of determining what an authenticated subject can access and which operations it can carry out. Authorization is based on predefined criteria, enforced through access control lists, security labels, capability tables or user profiles.
Identification and Authentication
In IT Security Management, identification is usually providing a public piece of information (a username or account number) and authentication is providing a private piece of information (a PIN, a passphrase, or a digital signature made with a private key). Authentication mechanisms prove one of three characteristics of the subject:
- Subject must prove something s/he knows, for example a password
- Subject must prove something s/he has, for example a smart card
- Subject must prove something s/he is, for example a fingerprint
If one mechanism providing one of these characteristics is used, it is referred to as one-factor; if mechanisms covering two characteristics are used, it is known as two-factor; and, yes you guessed it, an authentication process that requires all three is referred to as three-factor. The count is of distinct characteristics, not of mechanisms: a password plus a PIN is still one-factor, because both are things the subject knows. For the authentication process to be considered strong it must be at least two-factor.
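The following is an added example, not code from the original page, showing how a verifier ties the public identification step to two private proofs from different characteristics (a password the subject knows, a TOTP code from a device the subject has) and why two mechanisms of the same kind only count as one factor. The account "alice", the salt, the password and the shared TOTP secret are constructed for the demonstration; the TOTP routine follows RFC 6238 over HMAC-SHA1.

```python
import hashlib
import hmac
import os
import struct
import time

# Which of the three characteristics each mechanism proves. Two mechanisms
# from the same row (password + PIN) still add up to ONE factor.
FACTOR_OF = {
    "password": "knows",
    "pin": "knows",
    "totp": "has",
    "smart_card": "has",
    "fingerprint": "is",
}

def factor_count(mechanisms):
    """Count distinct characteristics proven, not mechanisms presented."""
    return len({FACTOR_OF[m] for m in mechanisms})

def hash_password(password, salt=None, rounds=200_000):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest) for storage."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

def verify_password(password, salt, expected):
    """Constant-time comparison so the check does not leak digest bytes."""
    return hmac.compare_digest(hash_password(password, salt)[1], expected)

def totp(secret, timestamp, step=30, digits=6):
    """RFC 6238 TOTP over HMAC-SHA1 (the default most authenticator apps use)."""
    counter = struct.pack(">Q", int(timestamp) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"

def verify_totp(secret, code, timestamp, step=30):
    """Accept the current step and one step either side for clock skew."""
    return any(hmac.compare_digest(totp(secret, timestamp + d * step), code)
               for d in (-1, 0, 1))

# Constructed sample account (hypothetical user "alice"); a real system keeps
# these in a credential store, never in source.
USERNAME = "alice"
SALT, PW_HASH = hash_password("correct horse battery staple")
TOTP_SECRET = b"constructed-demo-secret-bytes"

def authenticate(username, password, code, now=None):
    """Return (authenticated, factors_proven).

    username is the identification step (a public claim); the password and the
    TOTP code are the authentication step (private proofs). Both must succeed.
    """
    now = time.time() if now is None else now
    if username != USERNAME:
        return False, 0
    proven = []
    if verify_password(password, SALT, PW_HASH):
        proven.append("password")
    if verify_totp(TOTP_SECRET, code, now):
        proven.append("totp")
    return len(proven) == 2, factor_count(proven)

if __name__ == "__main__":
    t = 1_700_000_000
    print(authenticate("alice", "correct horse battery staple",
                       totp(TOTP_SECRET, t), t))
```

Note that `factor_count(["password", "pin"])` is 1: adding a second knowledge secret does not make the process two-factor, whereas the password plus the TOTP code gives 2.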
Authorization
Authorization is the process of granting authenticated subjects access and the right to carry out specific operations, according to the access rights and permissions outlined in the access criteria. The access criteria are developed by the administrator or security officer to support and carry out the organization's security policy. Criteria can be based on one or both of the following aspects:
Clearance
The security level the subject holds, compared against the classification of the object; it dictates which objects are accessible to the subject.
Need-to-Know
Formal approval for specific information, which further limits what is available to a subject: a subject cleared to the right level still gets no access to information it has no need-to-know for.
In a mandatory access control (MAC) model, users do not have the discretion to determine who can access objects, as they do in a DAC model. An operating system based on a MAC model greatly reduces the rights, permissions and functionality a user has, for security purposes. MAC environments use clearances, classifications and need-to-know to determine whether a subject can access an object and which operations it can carry out. Discretionary access control (DAC) environments use access control lists (ACLs) that the owner of an object fills in at their own discretion; the owner should grant entries only on the basis of the subject's need-to-know, but nothing in the DAC model enforces that.
It is important to give a subject access only to the objects (resources, devices and information) that it requires to complete its tasks. This concept is referred to as least privilege. It reduces the possibility of fraud and of damaging accidents by limiting access to objects purely on business need.
It is best for mechanisms that make access decisions to default to "no access": if a subject is not explicitly allowed, it is implicitly denied.
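The following is an added example, not code from the original page, that puts the MAC and DAC checks above side by side and shows the default-deny rule: a subject with a higher clearance but no need-to-know is refused by the mandatory layer, a subject with the right clearance but no ACL entry is refused by the discretionary layer, and only the object's owner can extend the ACL. The security levels, subjects and objects are constructed for this example, and the read/write rules follow the no-read-up, no-write-down pattern.

```python
from dataclasses import dataclass, field

# Ordered security levels for the MAC lattice (constructed for this example).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

@dataclass(frozen=True)
class Label:
    """A clearance (on a subject) or a classification (on an object)."""
    level: str
    categories: frozenset = frozenset()   # need-to-know compartments

    def dominates(self, other):
        """True if this label is at least as high AND covers every category."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

@dataclass
class Subject:
    name: str
    clearance: Label

@dataclass
class Object:
    name: str
    owner: str
    classification: Label
    acl: dict = field(default_factory=dict)  # DAC: subject name -> set of operations

def mac_permits(subject, obj, op):
    """Mandatory rules the user cannot change: no read up, no write down."""
    if op == "read":
        return subject.clearance.dominates(obj.classification)
    if op == "write":
        return obj.classification.dominates(subject.clearance)
    return False  # unknown operation: default deny

def dac_permits(subject, obj, op):
    """Discretionary rules: the owner filled in the ACL; absence means denied."""
    return op in obj.acl.get(subject.name, set())

def grant(owner, obj, subject_name, op):
    """Only the object's owner may extend its ACL (the 'discretionary' part)."""
    if owner.name != obj.owner:
        return False
    obj.acl.setdefault(subject_name, set()).add(op)
    return True

def access_allowed(subject, obj, op):
    """Both layers must say yes; anything else is implicit denial."""
    return mac_permits(subject, obj, op) and dac_permits(subject, obj, op)

# Constructed sample subjects and objects (hypothetical names).
ALICE = Subject("alice", Label("secret", frozenset({"crypto"})))
BOB = Subject("bob", Label("top_secret"))   # high clearance, no need-to-know
CAROL = Subject("carol", Label("secret", frozenset({"crypto"})))  # cleared, not on the ACL
REPORT = Object("crypto-report", owner="alice",
                classification=Label("secret", frozenset({"crypto"})),
                acl={"alice": {"read", "write"}, "bob": {"read"}})
MEMO = Object("public-memo", owner="bob", classification=Label("unclassified"),
              acl={"alice": {"read", "write"}})

if __name__ == "__main__":
    for subj, obj, op in [(ALICE, REPORT, "read"), (BOB, REPORT, "read"),
                          (CAROL, REPORT, "read"), (ALICE, MEMO, "write")]:
        print(f"{subj.name} {op} {obj.name}: {access_allowed(subj, obj, op)}")
```

Bob is on the ACL and holds top_secret, yet `access_allowed(BOB, REPORT, "read")` is false because the mandatory layer requires the "crypto" category; Carol has the clearance and the category but no ACL entry, so she is implicitly denied until Alice, the owner, grants it. Alice can read the unclassified memo but cannot write to it, since writing down would let secret-level information leak into a lower classification.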