MG

ACCESS CONTROL

Exam Information

  • Exam Date: Upcoming exam covering material from lectures 10 through 18 will be scheduled after spring break.

  • Spring Break: Starts on March 17, which is a Monday.

  • Assessment Range: All materials related to the content from lecture 10 to lecture 18 are essential for preparation.

Access Control Overview

  • Access Control in Daily Life:

    • Locks on cars and apartments represent practiced access control.

    • Sharing passwords involves access control principles.

Importance of Access Control

  • Access control applies to various levels including software, network, and physical security.

  • Significant infrastructure is needed to maintain effective access control.

Programming and Code Development

  • Issues in programming include reliance on external resources and collaboration without proper consultation of documentation or manuals.

  • Mention of adding ChatGPT guidelines into the programming assignments for support.

  • Plagiarism Detection:

    • Student codes will be compared across courses for originality.

    • Examples are provided to note the consequences of collaboration on grades.

Access Control Definitions

  • National Institute of Standards and Technology (NIST) Definition:

    • Attributed to NIST: It entails granting or denying access based on established policies, which encompasses both physical and digital realms.

Types of Access Control

  1. Discretionary Access Control (DAC):

    • Users can grant access to others (e.g., guest accounts).

  2. Role-Based Access Control (RBAC):

    • Access permissions based on user roles (e.g., who can change grades).

  3. Attribute-Based Access Control (ABAC):

    • Resource management based on predefined attributes

    • Issues regarding public keys and identity must be addressed.

Access Control Elements

Subjects, Objects, Access Rights

  • Subjects: Can be users or software running on behalf of users.

  • Objects: Resources such as files or applications that need protection.

  • Access Rights: Define actions permissible with objects (e.g., read, write, execute).

Authorization Tables

  • Tracks who can access what resources. Organized for performance.

  • Protection Domains: Set of objects accessible with specific rights.

Historical Context

  • Unix Origin: Derived from the Multics project, aiming for a more accessible yet secure operating system.

    • UNIX allows user-level transactions and reinforces access controls.

Access Control Mechanisms

  • Access Control Matrix: Used to define relations between subjects and objects, keeping track of access provision.

  • Authorization Tables: Maintain detailed records of permissions.

  • Access Control Lists (ACLs): Linked lists detailing who has access to what.

  • Capabilities: Denote what actions users can take on resources.

Protection Domain in Detail

  • Shows how user processes inherit permissions from parent processes.

  • User access is governed by authorization levels and capabilities to prevent unauthorized access.

Frameworks for Trust and Security

Identity Credential Management

  • Important for verifying users in relation to public key infrastructure to maintain secure communications.

Challenges in Large Organizations

  • As user roles change frequently in large companies, access management becomes complex.

  • The principle of leaving documentation for future reference is emphasized for personal efficiency.

Summary of Access Control Policies

  • Role-Based: Tied to a hierarchy and specific permissions.

  • Matrix Management: Involves complex management across different resources.

  • Strength of Access Control: Flexibility and ability to adapt roles and permissions according to the environment needs.

Final Notes

  • Access control extends into many aspects of computing—understanding its structure and implementation is vital for efficient management and security.