The mechanism that regulates who (subjects) can access what (objects) and in what way. Protects system resources (files, devices, memory, and network connections). Enforces confidentiality, integrity and availability (CIA).
Should be robust, easy to use and efficient.
Access Control Paradigm
Defines the fundamental entities and interactions in access control.
- Subjects: users, processes, devices
- Objects: files, programs, memory, hardware, etc.
- Access modes: read, write, execute, delete, create, etc.
Access Policies
Define the rules that determine whether access is allowed or denied.
Reference Monitor
A trusted component that mediates all access between subjects and objects.
Must be:
- always invoked (no bypass)
- tamper-proof
- verifiably correct
Implementations
Access Control Matrix
Represents permissions as a matrix of subjects (rows) vs objects (columns). Each cell lists the permissions that subject holds on that object. Conceptually simple, but the matrix is large and sparse, so storing it directly is inefficient in terms of space. Hardly used as-is in real systems.
Access Control Directory
Uses per-user directories to list the objects each user can access. Users control permissions to the objects they own. A user cannot modify their own directory.
Issues:
- scalability (when too many objects)
- revocation complexity
- propagation of rights
Access Control List
Aka ACL. Stores permissions per object. Each object carries a list of users and their rights.
Common in file systems (e.g., UNIX, Windows).
Capability
An unforgeable, passive token granting access rights to an object; the holder presents it to gain access. May be encrypted to prevent forgery.
Procedure-Oriented Access Control
Access is controlled through procedures (functions) that enforce the rules before granting access. Flexible approach, but might not be the most performant.
Role-Based Access Control
Aka RBAC. Access rights are assigned to groups of users (roles) rather than to individual users. Roles can be arranged in a hierarchy, with senior roles inheriting the rights of junior ones. Simplifies management in large systems.
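The following is an added illustration, not part of these notes: one constructed access control matrix, the ACL (column) and capability-list (row) views derived from it, a small RBAC policy with a role hierarchy expanded back into a matrix, and a reference-monitor style `check_access` that is the single decision point, denies by default and records every decision. All subjects, objects, roles and rights are made-up sample data.

```python
from typing import Dict, List, Set, Tuple

Matrix = Dict[str, Dict[str, Set[str]]]   # subject -> object -> access modes
# Constructed access control matrix: rows are subjects, columns are objects.
# Every cell not listed is empty, which is why a real matrix is sparse.
MATRIX: Matrix = {
    "alice": {"/etc/passwd": {"read"}, "/home/alice/notes": {"read", "write"}},
    "bob":   {"/etc/passwd": {"read"}, "/bin/sh": {"execute"}},
}

def acl_of(matrix: Matrix, obj: str) -> Dict[str, Set[str]]:
    """ACL view: one column of the matrix, stored alongside the object."""
    return {s: row[obj] for s, row in matrix.items() if row.get(obj)}

def capabilities_of(matrix: Matrix, subject: str) -> Dict[str, Set[str]]:
    """Capability-list view: one row of the matrix, held by the subject."""
    return {o: r for o, r in matrix.get(subject, {}).items() if r}

# RBAC (constructed): rights attach to roles, and a role inherits its parent's rights.
ROLE_RIGHTS: Matrix = {"staff": {"/etc/passwd": {"read"}},
                       "admin": {"/etc/passwd": {"write"}, "/bin/sh": {"execute"}}}
ROLE_PARENT = {"admin": "staff"}                  # admin is senior to staff
USER_ROLES = {"carol": {"admin"}, "dave": {"staff"}}

def rbac_to_matrix() -> Matrix:
    """Expand roles (walking the hierarchy) into an ordinary subject x object matrix."""
    out: Matrix = {}
    for user, roles in USER_ROLES.items():
        row = out.setdefault(user, {})
        pending, seen = list(roles), set()
        while pending:
            role = pending.pop()
            if role in seen:
                continue
            seen.add(role)
            for obj, modes in ROLE_RIGHTS.get(role, {}).items():
                row.setdefault(obj, set()).update(modes)
            if role in ROLE_PARENT:
                pending.append(ROLE_PARENT[role])
    return out

AUDIT: List[Tuple[str, str, str, bool]] = []   # what a reference monitor would log

def check_access(matrix: Matrix, subject: str, obj: str, mode: str) -> bool:
    """Reference monitor: single choke point, default deny, every decision recorded."""
    allowed = mode in matrix.get(subject, {}).get(obj, set())
    AUDIT.append((subject, obj, mode, allowed))
    return allowed
```

Unknown subjects, unknown objects and unlisted modes all fall through to the empty set and are denied, and the audit list shows why "always invoked" matters: a check that is bypassed never appears in it.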