Access control mechanism

Definition

Access Control is a fundamental security technique that regulates who or what can view, use, or modify resources in a computing environment. It acts as a digital gatekeeper, ensuring that authenticated users are granted the minimum level of access necessary to perform their specific job functions, thereby maintaining the confidentiality, integrity, and availability of sensitive data.


Main Content

1. Discretionary Access Control (DAC)

  • The owner of the resource has complete discretion to determine who is granted access permissions.
  • It is highly flexible but often considered less secure because users can inadvertently share files or set insecure permissions.

2. Mandatory Access Control (MAC)

  • Access is determined by a central authority based on system-wide security labels or classifications (e.g., Confidential, Secret, Top Secret).
  • Users cannot change permissions, making this model ideal for military or high-security government environments where information sensitivity is paramount.

3. Role-Based Access Control (RBAC)

  • Access rights are grouped by roles (e.g., Manager, Developer, Auditor) rather than individual user identities.
  • It simplifies administration: system administrators assign permissions to a role and then assign users to that role.

Working / Process

1. Identification

  • The user provides a unique identifier, such as a username, to the system to declare their identity.
  • The system recognizes the user, but this stage does not prove that the user is who they claim to be.

2. Authentication

  • The system verifies the user's identity through credentials, such as passwords, biometric scans, or multi-factor authentication (MFA) tokens.
  • Once verified, the system establishes a secure session for the user.

3. Authorization

  • The system checks its internal policy database to determine which specific files or applications the authenticated user has permission to access.
  • If the user attempts to access a restricted file, the access control mechanism checks the user's role or security level and denies or grants access accordingly.

[User Request] --> [Identification] --> [Authentication] --> [Authorization Check] --> [Access Granted/Denied]
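
The three stages above, combined with an RBAC role check and a MAC-style label check, as an added example that is not part of the original notes. The user names, passwords, resources and the `access` function are constructed for illustration, and the label check is simplified to "clearance must be at least the resource's label" for every action.

```python
import hashlib, hmac, os

# Constructed sample policy; all names and values here are hypothetical.
LEVELS = {"Confidential": 1, "Secret": 2, "Top Secret": 3}      # MAC labels
ROLE_PERMS = {"Auditor": {"read"},                               # RBAC roles
              "Developer": {"read", "write"},
              "Manager": {"read", "write", "delete"}}
RESOURCES = {"audit.log": "Confidential", "design.doc": "Secret",
             "keys.db": "Top Secret"}

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(role, clearance, password):
    salt = os.urandom(16)
    return {"role": role, "clearance": clearance,
            "salt": salt, "pw": _hash(password, salt)}

USERS = {"alice": make_user("Developer", "Secret", "correct horse"),
         "bob": make_user("Auditor", "Confidential", "battery staple")}

def access(username, password, action, resource):
    """Return (decision, reason). The reason is for the audit log only;
    a real login form should show the same generic failure for steps 1 and 2."""
    # 1. Identification: the claimed identity must exist, nothing is proven yet.
    user = USERS.get(username)
    if user is None:
        return ("DENY", "unknown identity")
    # 2. Authentication: constant-time comparison of the password hash.
    if not hmac.compare_digest(user["pw"], _hash(password, user["salt"])):
        return ("DENY", "authentication failed")
    # 3. Authorization: default deny, then role check, then label check.
    label = RESOURCES.get(resource)
    if label is None:
        return ("DENY", "no policy for resource")
    if action not in ROLE_PERMS.get(user["role"], set()):
        return ("DENY", "role lacks permission")
    if LEVELS[user["clearance"]] < LEVELS[label]:
        return ("DENY", "clearance below label")
    return ("GRANT", "ok")

if __name__ == "__main__":
    for req in [("alice", "correct horse", "write", "design.doc"),
                ("alice", "correct horse", "read", "keys.db"),
                ("bob", "battery staple", "write", "audit.log"),
                ("mallory", "guess", "read", "audit.log")]:
        print(req[0], req[2], req[3], "->", access(*req))
```

Every path that does not pass all three stages ends in a denial, so a resource with no policy entry or a role with no permission set is refused rather than allowed.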

Advantages / Applications

  • Enhances Data Security: Prevents unauthorized users from tampering with, stealing, or deleting sensitive company information.
  • Regulatory Compliance: Assists organizations in meeting legal requirements (like GDPR or HIPAA) by maintaining strict records of who accessed what data.
  • Operational Efficiency: Reduces the time spent on manual access management by utilizing automated role-based systems.
  • Risk Mitigation: Limits the "blast radius" if a user account is compromised, as access is restricted strictly to the user's defined permissions.

Summary

Access control is the essential security process of identifying, authenticating, and authorizing users to ensure they only interact with the digital resources they are permitted to use. It protects systems from unauthorized entry and ensures accountability through structured models like DAC, MAC, and RBAC. Important terms to remember include Authentication (verifying identity), Authorization (granting permissions), Principle of Least Privilege (giving minimum access), and Access Control List (ACL).