Access Control

Authentication - Are you who you say you are?

Authorization - What are you allowed to access?

Access Control Matrix (ACM)

  • Rows are subjects, columns are objects (files/resources)

    • tracks which users/subjects/groups can access what resources

The ACM is large, so use an Access Control List (ACL) instead

  • each object (O(i)) stores a list of users and their permissions

TOCTOU (time-of-check to time-of-use) attack

  • The state of a resource is checked before it is used, but the state could change between the check and the use in a way that invalidates the use

  • Race Condition
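
The check-then-use window described above, as an added C example that is not part of the original notes: `open_racy` checks a path with `access()` and then opens it by name, while `open_safe` opens once and validates the descriptor it got. The function names, the `between` hook and the temp files are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

static const char *swap_target; /* constructed demo state */
/* Demo hook: stands in for a concurrent change between check and use. */
static void swap_for_symlink(const char *path)
{
    if (unlink(path) || symlink(swap_target, path)) perror("swap");
}

/* Racy: checks by name, then uses by name; the two can see different files. */
int open_racy(const char *path, void (*between)(const char *))
{
    if (access(path, R_OK) != 0) /* time of check */
        return -1;
    between(path);               /* state changes inside the window */
    return open(path, O_RDONLY); /* time of use */
}

/* Hardened: open once without following symlinks, then check the object
 * behind the descriptor, which can no longer be swapped. */
int open_safe(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd >= 0 && (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Returns 1 if the racy open landed on the other file and the hardened one refused. */
int toctou_demo(void)
{
    char checked[] = "/tmp/checked_XXXXXX", other[] = "/tmp/other_XXXXXX";
    struct stat a, b;
    int c = mkstemp(checked), o = mkstemp(other); /* constructed temp files */
    swap_target = other;
    int racy = open_racy(checked, swap_for_symlink), safe = open_safe(checked);
    int hit = racy >= 0 && !fstat(racy, &a) && !fstat(o, &b) && a.st_ino == b.st_ino;
    unlink(checked); unlink(other); close(c); close(o); close(racy);
    return hit && safe < 0;
}
int main(void) { printf("racy followed swap, safe refused: %d\n", toctou_demo()); return 0; }
```

The fix works because the check and the use refer to the same opened object instead of looking the name up twice.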

Role-Based Access Control (RBAC)

  • Access is based on a role of some sort.

    • Users are sorted into groups and groups are given access