
Access Control Models

1 Access Control Principles

  1. Who (subject) can do What (operations) on Whom (objects)?
  2. Principle of Least Authority: Who can/should do an operation P on object B? Among those who can, the group that has the least authority should.
  3. Develop Fine-Grained Access Control Permissions
  4. Example: Read/write permissions are too coarse. A "back-up operator" can be given rw permissions, but this is too much. We can design and implement a new permission that can "just copy" files. This copy operation is fine-grained.
  5. Role Based Access Control (RBAC)

2 Access Control Models and Mechanisms

  1. ./DAC.html Discretionary Access Control; Linux default permissions
  2. ./MAC.html Mandatory Access Control; Users cannot change these policies
  3. ./LKM.html Linux Kernel Modules
  4. ./LSM.html Linux Security Modules
  5. ./selinux.html "Security Enhanced" Linux LSM; contributed by NSA (2000s?)
  6. ./seandroid.html SELinux adapted to Android

3 End


Copyright © 2017 www.wright.edu/~pmateti • 2017-09-11