Access Control - Access Control Stop Who would cross the Bridge of Death must answer me these questions three ere the other side he see Bridgekeeper

Access Control - Access Control Stop Who would cross the...

This preview shows page 1 - 5 out of 10 pages.

Stop! Who would cross the Bridge of Death must answer me these questions three, ere the other side he see. Bridgekeeper, Monty Python and the Holy Grail Access Control
Principles: authentication, authorization, audit Policies Requirements Objects Defining policies Types of policies Mandatory access control Discretionary access control Role-based access control Examples Linux file systems Hospital (work out on board) Access control overview 2
Goals Allow access to permitted users What are these users allowed to do? Deny access to everyone else Basic principles Authentication: validate credentials of an entity Authorization: determine that the entity is allowed to perform the operation Audit: record what was done for later analysis Ensure correct operation Track breaches and their impact (maybe) Recommend changes in policy Access control goals & principles 3 Authorization database Password database Authenticate Access control Security administrator
Discretionary access control (DAC) Control access based on: Identity of requestor

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture