Hint

Swipe to navigate through the chapters of this book

2020 | OriginalPaper | Chapter

9. Access Control and Authorization

Author: Joseph Migga Kizza

Publisher: Springer International Publishing

Published in: Guide to Computer Network Security

» Get access to the full version

Abstract

Access control is a process to determine “Who does what to what,” based on a policy.

One of the system administrator’s biggest problems, which can turn into a nightmare if it is not well handled, is controlling access of who gets in and out of the system and who uses what resources, when, and in what amounts. Access control is restricting this access to a system or system resources based on something other than the identity of the user. Access control, consisting of four elements: subjects, objects, operations, and a reference monitor, is one of the major cornerstones of system security. It is essential to determine how access control protection can be provided to each of the system resources. To do this, you need good access control and access protection policies. Authorization, commonly known as access permissions, is a set of access rights and access privileges granted to a user to benefit from a particular system resource. It is a determination of whether a user has permission to access, read, modify, insert, or delete certain data, or to execute certain programs. This chapter focuses on a detailed examination and discussion of these two processes that ensure systems safety.

Please log in to get access to this content

To get access to this content you need the following product:

Computer Science Explorer

Purchase now

Panko RR (2004) Corporate computer and network security. Prentice-Hall, Upper Saddle River

Gollman D (2000) Computer security. Wiley, New York

An introduction to role-based access control. NIST/ITL Bulletin, December, 1995. http://csrc.nist.gov/rbac/NIST-ITL-RBAC-bulletin.html

Differentiating between access control terms. http://secinf.net/uplarticle/2/Access_Control_WP.pdf

Byers S, Freire J, Silva C. Efficient acquisition of web data through restricted query interfaces. AT&T Labs-Research. http://www10.org/cdrom/posters/p1051/

Bannan K. Watching you, watching me PCs are turning informant. Whose side are they on? PC Magazine, July 1, 2002. http://www.pcmag.com/article2/0,4149,342208,00.asp

Iris scan. http://ctl.ncsc.dni.us/biomet%20web/BMIris.html

NASA World Wide Web Best Practices (2000–2001) Draft version 2.0. http://nasa-wbp.larc.nasa.gov/devel/4.0/4_4.html

Pipkin D (2000) Information security: protecting the global enterprise. Prentice-Hall, Upper Saddle River

10.

Kahan J. A distributed authorization model for WWW. May, 1995. http://www.isoc.org/HMP/PAPER/107/html/paper.html. Accessed on 5/6/2003

11.

NASA. World wide web best practices 2000–2001 draft version 2.0. 8/20/2000. http://nasa-wbp.larc.nasa.gov/devel/4.0/4_4.html. Accessed on 5/6/2003

Title

Access Control and Authorization

Book

Guide to Computer Network Security

Print ISBN: 978-3-030-38140-0

Electronic ISBN: 978-3-030-38141-7

https://doi.org/10.1007/978-3-030-38141-7

DOI

https://doi.org/10.1007/978-3-030-38141-7_9

Author:

Joseph Migga Kizza

Publisher

Springer International Publishing

Sequence number

Chapter number

Macmillian Higher Education