Security and Access Controls: Lesson Plans
Access controls are important security mechanisms. They usually target authenticated users, that is, users who can legally access the subject information system or resource. This means that they typically come after an initial stage called authentication. In authentication, the main goal is to decide whether the subject user, traffic or request can be authenticated to access the information resource or not. The output of an authentication control is therefore a binary decision: yes (authenticated; pass-in) or no (unauthenticated; block). Access control, or authorization, is then considered the second stage in this layered security control mechanism. For example, it is important to decide whether the subject user has a view/read, modify, execute, etc. type of permission or privilege on the subject information resource. In this chapter, we will cover issues related to access controls in operating systems, databases, websites, etc.