User:Leopk01

Access Control:

Access Control is sometimes used to refer to all security features used to prevent unauthorized access to a computer system or network. In this sense, it may be confused with authentication.

Authentication deals with verifying the identity of a subject. The most common method to do this is through the use of a user ID and password. Once the individual has verified their identity, access controls regulate what the individual can actually do on the system. Just because a person is granted entry to the system does not mean that they should have access to all the data the system contains.

To further illustrate, consider another example. When you go to your bank to make a withdrawal, the teller at the window will verify that you are indeed who you claim to be. This is usually done by asking you to provide some form of identification with your picture on it, such as your driver’s license or CNIC number. You may also have to provide information such as your bank account number. Once the teller verifies your identity, you will have proved that you are a valid customer of the bank. This does not, however, mean that you have the ability to view all information that the bank protects, such as your neighbor’s balance. The teller will control what information, and funds, you may have access to and will grant you access only to that which you are authorized. In this example, your identification and bank account number serve as your method of authentication and the teller serves as the access control mechanism.

In computer systems and networks, there are several ways that access controls can be implemented. An access control matrix provides the simplest framework for illustrating the process.

While simple to understand, the access control matrix is seldom used in computer systems because it is extremely costly in terms of storage space and processing. Imagine the size of an access control matrix for a large network with hundreds of users and thousands of files.

The actual mechanics of how access controls are implemented in a system vary, though access control lists (ACLs) are common. An ACL is nothing more than a list that contains the subjects that have access rights to a particular object. The list will identify not only the subject but the specific access that subject has for the object. Typical types of access include read, write, and execute as indicated in our example access matrix. No matter what specific mechanism is used to implement access controls in a computer system or network, the controls should be based on a specific model of access. Several different models are discussed in security literature, including discretionary access control (DAC), mandatory access control (MAC), and role-based access control (RBAC).
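The relationship between the access control matrix and ACLs described above can be shown in code. The following is an added example, not taken from the referenced book; the subject names, file names and rights are constructed for illustration. It builds a full matrix, collapses it into per-object ACLs, applies a default-deny check, and compares how many cells each form has to store.

```python
# Constructed sample data: subjects, objects and rights are illustrative only.
SUBJECTS = ["alice", "bob", "carol", "dave"]
OBJECTS = ["payroll.db", "report.doc", "backup.sh", "notes.txt"]
GRANTS = {  # the only non-empty cells of the matrix
    ("alice", "payroll.db"): {"read", "write"},
    ("bob", "report.doc"): {"read"},
    ("alice", "backup.sh"): {"read", "execute"},
    ("carol", "report.doc"): {"read", "write"},
}

def build_matrix(subjects, objects, grants):
    """Full access control matrix: one cell per (subject, object) pair."""
    return {s: {o: set(grants.get((s, o), ())) for o in objects}
            for s in subjects}

def matrix_to_acls(matrix):
    """Collapse the matrix into per-object ACLs, keeping only the
    subjects that hold at least one right on the object."""
    acls = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            if rights:
                acls.setdefault(obj, {})[subject] = set(rights)
    return acls

def is_allowed(acls, subject, obj, right):
    """Default deny: a missing ACL or missing entry means no access."""
    return right in acls.get(obj, {}).get(subject, set())

def storage_cells(matrix, acls):
    """Return (matrix cells, ACL entries) to compare storage cost."""
    cells = sum(len(row) for row in matrix.values())
    entries = sum(len(acl) for acl in acls.values())
    return cells, entries

MATRIX = build_matrix(SUBJECTS, OBJECTS, GRANTS)
ACLS = matrix_to_acls(MATRIX)

if __name__ == "__main__":
    print("matrix cells vs ACL entries:", storage_cells(MATRIX, ACLS))
    # dave is a known (authenticated) subject but holds no rights at all.
    for s, o, r in [("alice", "payroll.db", "write"),
                    ("bob", "payroll.db", "read"),
                    ("dave", "notes.txt", "read")]:
        print(s, o, r, "->", "allow" if is_allowed(ACLS, s, o, r) else "deny")
```

The matrix grows with subjects times objects even when almost every cell is empty, while the ACLs grow only with the number of grants actually made.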

Reference: Principles of Computer Security, by Wm. Arthur Conklin, Gregory B. White, Chuck Cothren, Dwayne Williams, Roger L. Davis

--Tayyab Khadija 06:40, 9 April 2010 (UTC)