Thursday, December 9, 2010

Access Control Basics

To start with the basics:

What is Access Control?

It is a system or service that controls who may access which areas and resources of a computer-based information system or physical facility.

What is AAA?

AAA refers to Authentication, Authorization & Accountability (the third A is also written as Accounting, e.g., in RADIUS and TACACS+).

Authentication: the process of proving that you are who you claim to be, based on one or more of the following factors:

a. Something you know, like a passcode, password, etc.
b. Something you have, like a smart card, hardware token, etc.
c. Something you are, like a biometric (fingerprint, retina scan, etc.)
d. Where you are, like inside the office, outside the office, etc.

Using two or more different factors together (e.g., a password plus a smart card) is multi-factor authentication; two passwords are still a single factor.

Authorization: the process that decides what an authenticated subject (a user or process) may do to an object. For example, depending on your authorization level you may be able to read a document but not write to it. Authorization presumes authentication: the system has to know who the subject is before it can look up what that subject is allowed to do.

Accountability: the process that associates a subject with its actions so they can be traced back later, e.g., audit trails and logs. For these to be useful the records must cover denied attempts as well as successful ones, and must be protected from tampering by the subjects they describe.
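To show how the three A's fit together, here is an added example (not code from the original post) of a minimal AAA flow in Python: authentication by checking a salted PBKDF2 password hash in constant time, authorization by looking up a permission table, and accountability by appending every decision, granted or denied, to an audit trail. The user "alice", her password, the object "report.pdf" and the permission table are constructed sample data for this example.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone


def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so a stolen password database cannot be reversed cheaply.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample data: one user with a salted password hash (never store plaintext),
# and a tiny authorization table saying alice may read, but not write, report.pdf.
_SALT = os.urandom(16)
USERS = {"alice": {"salt": _SALT, "hash": _hash_password("correct horse", _SALT)}}
PERMISSIONS = {("alice", "report.pdf"): {"read"}}

# Accountability: append-only record of every decision, successful or not.
AUDIT_LOG: list[dict] = []


def authenticate(user: str, password: str) -> bool:
    """Something you know: verify the password against the stored hash in constant time."""
    record = USERS.get(user)
    if record is None:
        # Hash anyway so an unknown user takes as long as a wrong password
        # (no username enumeration through response timing).
        _hash_password(password, b"\x00" * 16)
        return False
    return hmac.compare_digest(_hash_password(password, record["salt"]), record["hash"])


def authorize(user: str, action: str, obj: str) -> bool:
    """Decide whether an already-authenticated subject may perform action on obj."""
    return action in PERMISSIONS.get((user, obj), set())


def audit(user: str, action: str, obj: str, stage: str, outcome: str) -> None:
    """Associate the subject with what it attempted and what the system decided."""
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "subject": user, "action": action, "object": obj,
        "stage": stage, "outcome": outcome,
    })


def request_access(user: str, password: str, action: str, obj: str) -> bool:
    """Full AAA flow: authenticate, then authorize, logging the outcome of each stage."""
    if not authenticate(user, password):
        audit(user, action, obj, "authentication", "denied")
        return False
    if not authorize(user, action, obj):
        audit(user, action, obj, "authorization", "denied")
        return False
    audit(user, action, obj, "authorization", "granted")
    return True


if __name__ == "__main__":
    print(request_access("alice", "correct horse", "read", "report.pdf"))   # True
    print(request_access("alice", "correct horse", "write", "report.pdf"))  # False: may read only
    print(request_access("alice", "wrong", "read", "report.pdf"))           # False: bad password
    print(request_access("mallory", "x", "read", "report.pdf"))             # False: unknown subject
    for entry in AUDIT_LOG:
        print(entry)
```

Note that the denied attempts leave audit entries just like the granted one; a log that only records successes cannot hold anyone accountable for trying.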

What are the models of Access Control?

The most common models are Discretionary Access Control (DAC) and Non-Discretionary Access Control. Under Non-Discretionary Access Control come Mandatory Access Control (MAC) and Role Based Access Control (RBAC).

Discretionary Access Control (DAC): the owner of an object decides who is allowed to access it and with what privileges, e.g., Unix file permissions set by the file's owner.

Mandatory Access Control (MAC): the system decides who is allowed to access an object, and with what privileges, based on security labels that the system (not the owner) assigns to every subject and object. Access is granted when the relationship between the two labels satisfies the policy; identical labels are one case that passes, not the only one. In the common Bell-LaPadula confidentiality policy a subject may read an object only if its clearance is at least the object's classification (no read up) and may write to it only if the object's classification is at least the subject's clearance (no write down). SELinux is a widely deployed MAC implementation.

Role Based Access Control (RBAC): the system decides who is allowed to access an object, and with what privileges, based on the roles assigned to the individual. Permissions attach to roles rather than to users, so when someone changes job you change their role assignment instead of editing every object's permissions.
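The three models are easiest to tell apart by who gets to decide and what the decision is based on. The following is an added example (not code from the original post) that implements each as a small Python policy class with the same check(subject, action, object) interface: DAC where only the owner may grant, MAC with Bell-LaPadula no read up / no write down over an ordered set of labels, and RBAC with permissions attached to roles. The subjects (alice, bob, carol), objects (memo.txt, plan.txt), roles and label names are constructed sample data.

```python
from dataclasses import dataclass, field

# Constructed sensitivity labels, ordered from lowest to highest.
LEVELS = ["Unclassified", "Confidential", "Secret", "TopSecret"]


def dominates(a: str, b: str) -> bool:
    """True when label a is at or above label b."""
    return LEVELS.index(a) >= LEVELS.index(b)


@dataclass
class DAC:
    """Discretionary: the object's owner maintains the ACL; nobody else can grant."""
    owners: dict = field(default_factory=dict)   # object -> owner
    acl: dict = field(default_factory=dict)      # (object, subject) -> set of actions

    def grant(self, grantor: str, obj: str, subject: str, action: str) -> bool:
        if self.owners.get(obj) != grantor:      # only the owner may change permissions
            return False
        self.acl.setdefault((obj, subject), set()).add(action)
        return True

    def check(self, subject: str, action: str, obj: str) -> bool:
        return self.owners.get(obj) == subject or action in self.acl.get((obj, subject), set())


@dataclass
class MAC:
    """Mandatory: labels are fixed by the system. Read needs clearance >= classification
    (no read up); write needs classification >= clearance (no write down). Equal labels
    satisfy both rules but are only one of the cases that do."""
    clearance: dict = field(default_factory=dict)       # subject -> label
    classification: dict = field(default_factory=dict)  # object -> label

    def check(self, subject: str, action: str, obj: str) -> bool:
        s, o = self.clearance[subject], self.classification[obj]
        if action == "read":
            return dominates(s, o)
        if action == "write":
            return dominates(o, s)
        return False


@dataclass
class RBAC:
    """Role based: permissions attach to roles; subjects are assigned roles."""
    role_perms: dict = field(default_factory=dict)  # role -> set of (action, object)
    user_roles: dict = field(default_factory=dict)  # subject -> set of roles

    def check(self, subject: str, action: str, obj: str) -> bool:
        return any((action, obj) in self.role_perms.get(role, set())
                   for role in self.user_roles.get(subject, set()))


def build_examples():
    """Constructed scenario used by the demonstration below."""
    dac = DAC(owners={"memo.txt": "alice"})
    dac.grant("alice", "memo.txt", "bob", "read")     # owner's decision: takes effect
    dac.grant("bob", "memo.txt", "carol", "read")     # bob is not the owner: ignored

    mac = MAC(clearance={"alice": "Secret", "bob": "Confidential"},
              classification={"memo.txt": "Confidential", "plan.txt": "TopSecret"})

    rbac = RBAC(role_perms={"auditor": {("read", "memo.txt")},
                            "editor": {("read", "memo.txt"), ("write", "memo.txt")}},
                user_roles={"alice": {"editor"}, "bob": {"auditor"}})
    return dac, mac, rbac


if __name__ == "__main__":
    dac, mac, rbac = build_examples()
    print("DAC  carol read memo.txt :", dac.check("carol", "read", "memo.txt"))   # False
    print("MAC  alice read memo.txt :", mac.check("alice", "read", "memo.txt"))   # True (read down)
    print("MAC  alice write memo.txt:", mac.check("alice", "write", "memo.txt"))  # False (no write down)
    print("MAC  alice read plan.txt :", mac.check("alice", "read", "plan.txt"))   # False (no read up)
    print("RBAC bob write memo.txt  :", rbac.check("bob", "write", "memo.txt"))   # False
```

The MAC case is the one worth studying: alice (Secret) may read the Confidential memo even though the labels differ, but may not write to it, since that could move Secret information into a Confidential object; bob, whose clearance equals the memo's label, may do both.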
