
ACCESS CONTROL MODELS

Access Control Models


NT2580: Unit 3
Daniel Ross
ITT Technical Institute


Mandatory access control - In computer security, Mandatory Access Control (MAC) is a
type of access control in which only the administrator manages the access controls. The
administrator defines the usage and access policy, which cannot be modified or changed by
users, and the policy will indicate who has access to which programs and files. MAC is most
often used in systems where priority is placed on confidentiality.
(http://www.webopedia.com/TERM/M/Mandatory_Access_Control.html, n.d.)
Discretionary access control - A type of security access control that grants or restricts
object access via an access policy determined by an object's owner group and/or subjects. DAC
mechanism controls are defined by user identification with supplied credentials during
authentication, such as username and password. DACs are discretionary because the subject
(owner) can transfer authenticated objects or information access to other users. In other words,
the owner determines object access privileges.
(http://www.techopedia.com/definition/229/discretionary-access-control-dac, n.d.)
Role-based access controls - RBAC is a secure method of restricting account access to
authorized users. This method enables the account owner to add users to the account and assign
each user to specific roles. Each role has specific permissions defined by Rackspace. RBAC
allows users to perform various actions based on the scope of their assigned role.
The account owner has the ability to create up to 100 users, each with their own password, secret
question and answer, and API key.
(http://www.rackspace.com/knowledge_center/article/overview-role-based-access-control-rbac,
n.d.)


Rule based access control - Rule Based Access Control will dynamically assign roles to
users based on criteria defined by the custodian or system administrator. For example, if
someone is only allowed access to files during certain hours of the day, Rule Based Access
Control would be the tool of choice. The additional rules of Rule Based Access Control
requiring implementation may need to be programmed into the network by the custodian or
system administrator in the form of code versus checking the box.
(http://resources.infosecinstitute.com/access-control-models-and-methods/, n.d.)
Content-dependent access control - Content-dependent access control, where the access
decisions depend upon the value of an attribute of the object itself, is required in many
applications. However, problems arise in an object-based environment, because obtaining the
value of an object's attribute requires an operation upon the object. We discuss the conceptual
and performance implications of introducing content-dependent access control, and suggest how
the problems can be avoided in some cases by using a domain-based approach to access control.
(http://dl.acm.org/citation.cfm?id=122125, n.d.)
Nondiscretionary access control - Non-discretionary access control is when the overall
system administrator (or a single management body) within an organization tightly controls
access to all resources for everybody on a network.

Think of discretionary access controls like a democratic country. Everyone has their say as to
who can do what in their country. Non-discretionary access control, on the other hand, is like
dictatorship/communism. Only the government can specify what can or cannot be done.
(http://www.answers.com/Q/What_is_Non_discretionary_access_control, n.d.)
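
Added example (not part of the original paper): the models defined above, written as small Python decision functions and run against one constructed request so the differences show side by side. The label ordering used for MAC, the 08:00-18:00 access window, the salary attribute and the names alice and bob are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import time

LEVELS = {"public": 0, "confidential": 1, "secret": 2}          # MAC labels
ROLE_PERMS = {"engineer": {"read", "write"}, "auditor": {"read"}}  # RBAC table

@dataclass
class Subject:
    name: str
    clearance: str = "public"                  # set by the administrator
    roles: set = field(default_factory=set)

@dataclass
class Obj:
    owner: str
    label: str = "public"                      # set by the administrator
    acl: dict = field(default_factory=dict)    # DAC: user -> rights
    attrs: dict = field(default_factory=dict)  # content of the object

def dac_grant(obj, granter, user, right):
    """DAC: only the owner may pass rights on the object to other users."""
    if granter != obj.owner:
        return False
    obj.acl.setdefault(user, set()).add(right)
    return True

def dac_allows(subj, obj, right):
    return subj.name == obj.owner or right in obj.acl.get(subj.name, set())

def mac_allows_read(subj, obj):
    """MAC: administrator-set labels decide; users cannot change them."""
    return LEVELS[subj.clearance] >= LEVELS[obj.label]

def rbac_allows(subj, right):
    """RBAC: permissions come from the roles assigned to the user."""
    return any(right in ROLE_PERMS.get(r, set()) for r in subj.roles)

def rule_allows(now, start=time(8, 0), end=time(18, 0)):
    """Rule-based: an access-hours rule applied to every request."""
    return start <= now < end

def content_allows(obj, max_salary=100_000):
    """Content-dependent: the decision reads a value stored in the object."""
    return obj.attrs.get("salary", 0) <= max_salary

def demo():
    # Constructed sample: alice owns a "secret" payroll record, bob is an auditor.
    bob = Subject("bob", clearance="confidential", roles={"auditor"})
    rec = Obj(owner="alice", label="secret", attrs={"salary": 120_000})
    dac_grant(rec, "alice", "bob", "read")
    return {"dac": dac_allows(bob, rec, "read"), "mac": mac_allows_read(bob, rec),
            "rbac": rbac_allows(bob, "read"), "rule": rule_allows(time(22, 0)),
            "content": content_allows(rec)}
```

The owner's grant satisfies DAC, but the same read is still refused under MAC because the administrator's label outranks bob's clearance, and it is refused by the hours rule and the content check as well.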


Scenario 1: (DAC) Discretionary Access Control. I chose this one because the
business is small and has no need of higher security measures; this would be the easiest to
maintain and monitor for a small business.
Scenario 2: (MAC) Mandatory Access Control. The employees primarily
communicate using smartphones, which proves to be a possible security risk. With MAC it is still
easily monitored for a small business.
Scenario 3: (RBAC) Role Based Access Control. I chose this because of the size of the
company and because their employees travel and work from home. The roles set by a Security
Administrator would be the most secure and effective way of providing different function levels
of clearance to individual users. It would take time to start from nothing, but once the security
measures are in place it would be easy to monitor and manage.
Scenario 4: Content-Dependent Access Control. Everything that the company does
depends on the individual material being manufactured; the above Access Control type should be
apparent. Giving permissions by what is contained in each individual file is more costly, but a lot
more secure. It also allows the company to monitor data sent as each document is given its own
set of roles.
Scenario 5: (RBAC) Role Based Access Control. With RBAC in place the security
measures would be assigned to each user and monitored by the security administrator. Using this
Access control method would allow for high-grade security with manageability in mind.
Allowing each user a set of permissions dependent on their group, or role, allows the system
admin to more easily monitor security by group, which is good for a military network.


References
http://dl.acm.org/citation.cfm?id=122125. (n.d.).
http://resources.infosecinstitute.com/access-control-models-and-methods/. (n.d.).
http://www.answers.com/Q/What_is_Non_discretionary_access_control. (n.d.).
http://www.rackspace.com/knowledge_center/article/overview-role-based-access-control-rbac. (n.d.).
http://www.techopedia.com/definition/229/discretionary-access-control-dac. (n.d.).
http://www.webopedia.com/TERM/M/Mandatory_Access_Control.html. (n.d.).
