Advertisement

Security and Access Controls: Lesson Plans

  • Izzat Alsmadi
  • Robert Burdwell
  • Ahmed Aleroud
  • Abdallah Wahbeh
  • Mahmood Al-Qudah
  • Ahmad Al-Omari
Chapter

Abstract

Access controls are considered as important security mechanisms. They usually target (authenticated users: Those users who can legally access subject information system or resource). This indicates that they typically come after an initial stage called (authentication). In authentication, the main goal is to decide whether a subject user, traffic or request can be authenticated to access the information resource or not. As such authentication security control decision or output is a binary of either, yes (authenticated; pass-in), or no (unauthenticated; block). Access control or authorization is then considered the second stage in this layered security control mechanism. For example, it is important to decide whether subject user has a view/read, modify, execute, etc. type of permission or privilege on subject information resource. In this chapter, we will cover issues related to access controls in operating systems, databases, websites, etc.

References

  1. Alsmadi, I., & Dianxiang, X. (2015). Security of software defined networks: A survey. Computers & Security, 53, 79–108.CrossRefGoogle Scholar
  2. Domingo-Ferrer, Domingo-Ferrer J. (2009). Inference Control in Statistical Databases. In: LIU L., ÖZSU M.T. (eds) Encyclopedia of Database Systems. Springer, Boston, MA.Google Scholar
  3. Li, N., Mao, Z., & Chen, H. (2007). Usable mandatory integrity protection for operating systems. In Proceedings of IEEE symposium on security and privacy (pp. 164–178). Berkeley, California: IEEE Computer Society Press.Google Scholar
  4. Miltchev, S., et al. (2008). Decentralized access control in distributed file systems. ACM Computing Surveys (CSUR), 40(3), 10.CrossRefGoogle Scholar
  5. NIST. (2010). A report on: 2010 economic analysis of role-based access control. http://csrc.nist.gov/groups/SNS/rbac/documents/20101219_RBAC2_Final_Report.pdf.
  6. Shaffer, M. (2000). Filesystem security – ext2 extended attributes [online]. Available from: http://www.securityfocus.com/infocus/1407.

Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  • Izzat Alsmadi
    • 1
  • Robert Burdwell
    • 1
  • Ahmed Aleroud
    • 2
  • Abdallah Wahbeh
    • 3
  • Mahmood Al-Qudah
    • 4
  • Ahmad Al-Omari
    • 5
  1. 1.Texas A&M University San AntonioSan AntonioUSA
  2. 2.Department of Computer Information SystemsYarmouk UniversityIrbidJordan
  3. 3.Slippery Rock University of PennsylvaniaSlippery RockUSA
  4. 4.Yarmouk UniversityIrbidJordan
  5. 5.Schreiner UniversityKerrvilleUSA

Personalised recommendations