
AUTHORIZATION AND ACCESS CONTROL (Data Security: Identification, Authentication, Authorization)


2 AUTHORIZATION AND ACCESS CONTROL

3 DATA SECURITY
Identification
Authentication
Authorization

4 AUTHORIZATION
Allows us to specify whether a party should be allowed or denied access.
Implemented through the use of access controls.
Allowing access means keeping in mind the PRINCIPLE OF LEAST PRIVILEGE.

5 PRINCIPLE OF LEAST PRIVILEGE
Dictates that we should allow only the bare minimum of access to a party – this might be a person, user account, or process – that it needs to perform the functionality required of it.
Example: an employee in the Sales Dept. should not need access to data internal to a human resources system in order to do their job.

6 ACCESS CONTROL
The selective restriction of access to a place or other resource.
BASIC TASKS
Allow access
Deny access
Limit access
Revoke access

7 ACCESS CONTROL
ALLOW ACCESS: giving a particular party, or parties, access to a given resource.
DENY ACCESS: preventing access by a given party to the resource in question.

8 ACCESS CONTROL
LIMIT ACCESS: allowing some access to a resource, but only up to a certain point.
REVOKE ACCESS: taking away access to a resource.

9 ACCESS CONTROL MODELS
Discretionary Access Control
Mandatory Access Control
Role-Based Access Control
Attribute-Based Access Control
Multi-level Access Control

10 DISCRETIONARY ACCESS CONTROL
Model of access control in which access is determined by the owner of the resource. The owner decides who does and does not have access, and what access they are allowed to have.

11 MANDATORY ACCESS CONTROL
Model of access control in which the owner of the resource does not decide who may access it; instead, access is decided by a group or individual with the authority to set access on resources.
Example: government organizations, where access to a resource is dictated by the sensitivity label applied to it (secret, top secret, etc.).

12 ROLE-BASED ACCESS CONTROL
Model of access control in which access is set by an authority responsible for doing so, and access is granted on the basis of the role the individual holds.

13 ATTRIBUTE-BASED ACCESS CONTROL
Model of access control based on attributes of a person, a resource, or the environment.
SUBJECT ATTRIBUTE: attributes that a person possesses.
Example: “You must be this tall to ride”; CAPTCHA – Completely Automated Public Turing test to tell Computers and Humans Apart.

14 ATTRIBUTE-BASED ACCESS CONTROL
Model of access control based on attributes of a person, a resource, or the environment.
RESOURCE ATTRIBUTE: attributes related to a particular resource, such as an OS or application.
Examples: software that runs on a particular OS; a web site that works in a certain browser.

15 ATTRIBUTE-BASED ACCESS CONTROL
Model of access control based on attributes of a person, a resource, or the environment.
ENVIRONMENT ATTRIBUTE: attributes used to enable access controls that operate based on environmental conditions.
Example: a time attribute.

16 MULTI-LEVEL ACCESS CONTROL
Model of access control that uses two or more methods to improve the security of a resource.
Examples: Bell-LaPadula model, Biba model, Brewer and Nash model.
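An added worked example, not part of the presentation, that layers several of the models above into one default-deny decision: a mandatory check on the sensitivity labels named on the MAC slide, a role check, and ABAC subject and environment attributes (department and time of day), so a Sales employee is refused HR-internal data as the least-privilege slide describes. The label ranking, the business hours, and every name and record are constructed for the example; Bell-LaPadula, Biba and Brewer-Nash are not implemented here.

```python
from dataclasses import dataclass
from datetime import time

# Sensitivity labels from the MAC slide, ranked lowest to highest (ranking is an assumption)
LABEL_RANK = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}
# Environment attribute policy: constructed business hours (inclusive)
BUSINESS_HOURS = (time(8, 0), time(18, 0))

@dataclass(frozen=True)
class Subject:            # the party requesting access
    name: str
    clearance: str        # MAC: label assigned by the authority, not chosen by the user
    role: str             # RBAC: job function that carries the permission
    department: str       # ABAC subject attribute

@dataclass(frozen=True)
class Resource:
    name: str
    label: str            # MAC: sensitivity label set on the resource
    owner_department: str # ABAC resource attribute
    roles: frozenset      # RBAC: roles permitted to access this resource

@dataclass(frozen=True)
class Environment:        # ABAC environment attribute
    now: time

def decide(subject: Subject, resource: Resource, env: Environment) -> str:
    """Default deny: allowed only if every layer allows; returns "allow" or "deny: <reason>"."""
    # Mandatory check: clearance must dominate the resource's sensitivity label
    if LABEL_RANK[subject.clearance] < LABEL_RANK[resource.label]:
        return "deny: clearance below resource label"
    # Role check: the role, not the person, is what is authorised
    if subject.role not in resource.roles:
        return "deny: role not permitted"
    # Subject attribute: least privilege, e.g. Sales gets no HR-internal data
    if subject.department != resource.owner_department:
        return "deny: department mismatch"
    # Environment attribute: time of day
    if not (BUSINESS_HOURS[0] <= env.now <= BUSINESS_HOURS[1]):
        return "deny: outside business hours"
    return "allow"

# Constructed sample data
HR_RECORDS = Resource("hr_records", "confidential", "HR", frozenset({"hr_analyst"}))
ALICE = Subject("alice", "secret", "hr_analyst", "HR")
BOB = Subject("bob", "secret", "sales_rep", "Sales")
if __name__ == "__main__":
    for who in (ALICE, BOB):
        print(who.name, decide(who, HR_RECORDS, Environment(time(10, 30))))
```

The first failing layer is returned as the reason, which is what an audit log of denied requests should record.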

17 PHYSICAL ACCESS CONTROL
Concerned with controlling the access of individuals and vehicles, such as individuals moving in and out of a building or facility.
TAILGATING occurs when we authenticate to a physical control measure, such as a badge reader, and another person follows directly behind us without authenticating themselves.

18 PHYSICAL ACCESS CONTROL
For vehicles: simple barriers, one-way spike strips, fences, rising barriers, automated gates or doors.

19 THANK YOU
