Access control is a security function used to protect shared resources against unauthorized access. The distinction between authorized and unauthorized access is made according to the access control policy. It mainly addresses security requirements such as the confidentiality and integrity of data or other resources, to prevent unauthorized use of resources and DoS threats to legitimate users. An access control system consists of two separate components: an enforcement mechanism and a decision function. All accesses are intercepted and inspected by the enforcement mechanism, and it is then up to the decision function to verify whether the access complies with the security policy or not.
Intent & rationale
The aim of access control policy design is to ensure that access to information is controlled and restricted at every level of the organization. The level of restriction placed on an individual is based on that individual's position in the organization. The main intent of the access control policy is to safeguard the organization's sensitive and confidential information. The policy applies to all stakeholders of the organization. After the access control policy is implemented, every user gets a privileged account from the system administrator, which defines their access to information technology.
Access Control Model
A description of which accesses to services are allowed or denied is known as an access control policy. The access control model defines how resources, accesses and other factors can be represented, along with changing configurations. The access control model determines the reliability and flexibility of its policies. No single access control model fits all access policies. The access control model provides access controls only to its owner and legal management team.
Types of access control mechanism
- Discretionary access control (DAC): In this access control mechanism, the owner of a resource provides access to other users at the owner's discretion. Discretion is the measure of revealing confidential information to the users of the organization. Access control lists are one common example of a discretionary access control mechanism. This mechanism enables the system administrator to limit the propagation of access rights to users.
- Mandatory access control (MAC): In this access control mechanism, the access rights of users are governed by a central authority on the basis of multiple levels. The operating system and kernel determine which users are granted or denied privileges. Every individual user is assigned security labels, which help to identify the individual on the information system.
- Role based access control (RBAC): Role based access control mechanisms are widely used to restrict access to computer resources on the basis of the defined business functions of individuals or groups instead of the identities of individual users. To regulate employee access to the system, this access control security model relies on a complex structure of assigning and authorizing roles of engineering
- Rule based access control (RAC): Rule based access control is a mechanism that provides a security model in which the administrator defines rules to govern access to resource objects in a well-structured manner. These rules are based on time, day and location. A rule based access control mechanism can be integrated with a role based access control mechanism to enforce stronger access policies and procedures.
- Attribute based access control (ABAC): Attribute based mechanisms work on various sets of principles, policies and dependency constraints. Individuals are identified on the basis of user attributes, environmental conditions and system values.
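
The following Python code is an added example, not part of the original article. It shows the enforcement mechanism and decision function from the introduction as two separate functions, with the decision combining role based permissions and rule based constraints on time, day and location. All users, roles, resource names and rule values are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed sample policy: role -> set of (resource, action) permissions.
ROLE_PERMISSIONS = {
    "hr_clerk": {("payroll", "read")},
    "hr_manager": {("payroll", "read"), ("payroll", "write")},
}
USER_ROLES = {"alice": {"hr_manager"}, "bob": {"hr_clerk"}}  # constructed
# Constructed rules per resource: weekdays (0 = Monday), hours, locations.
RULES = {
    "payroll": {"days": range(0, 5), "hours": range(8, 18), "locations": {"hq"}},
}

@dataclass(frozen=True)
class Request:
    user: str
    resource: str
    action: str
    when: datetime
    location: str

def decide(req):
    """Decision function: return (allowed, reason). Anything not granted is denied."""
    roles = USER_ROLES.get(req.user, set())  # unknown users have no roles
    granted = any((req.resource, req.action) in ROLE_PERMISSIONS.get(r, set())
                  for r in roles)
    if not granted:
        return False, "no role grants this permission"
    rule = RULES.get(req.resource)  # resources without a rule rely on roles only
    if rule:
        if req.when.weekday() not in rule["days"]:
            return False, "outside permitted days"
        if req.when.hour not in rule["hours"]:
            return False, "outside permitted hours"
        if req.location not in rule["locations"]:
            return False, "location not permitted"
    return True, "permitted"

def enforce(req, operation):
    """Enforcement mechanism: intercept the access, ask decide(), then run or refuse."""
    allowed, reason = decide(req)
    if not allowed:
        raise PermissionError(f"{req.user}: {req.action} {req.resource}: {reason}")
    return operation()
```

Because the role check and the rules are evaluated in one decision function, a user who holds the right role is still refused outside the permitted time window or location.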