AUTHORIZATION AND
ACCESS CONTROL
DATA SECURITY
Identification
Authentication
Authorization
AUTHORIZATION
• Specifies what a party should be allowed or denied
access to
• Implemented through the use of access controls
• Allowing access means keeping in mind the PRINCIPLE
OF LEAST PRIVILEGE
PRINCIPLE OF LEAST PRIVILEGE
• Dictates that we should only allow the bare minimum of
access to a party – this might be a person, user account,
or process – to allow it to perform the functionality
needed of it.
• Example :
• An employee in the Sales Dept. should not need access to data
internal to a human resources system in order to do their
job
ACCESS CONTROL
• The selective restriction of access to a place or other
resource
• BASIC TASKS
• Allow access
• Deny access
• Limit access
• Revoke access
ACCESS CONTROL
• ALLOW ACCESS
• Giving a particular party, or parties, access to a given resource
• DENY ACCESS
• Preventing access by a given party to the resource in question
ACCESS CONTROL
• LIMIT ACCESS
• Allowing some access to a resource but only up to a certain point
• REVOKE ACCESS
• Taking away access to a resource
ACCESS CONTROL METHODS OF
IMPLEMENTATION
• Access Control List ( ACL )
• Capability-Based Security
ACCESS CONTROL METHODS USED FOR
IMPLEMENTATION
• Access Control List ( ACL )
• Used to control access in the file systems on which operating
systems run and to control the flow of traffic in the networks to
which a system is attached.
• Typically built for one specific resource; each entry names a party
allowed (or denied) access to that resource and what the party is
allowed to do with it.
• Example entries:
Alice   Allow
Bob     Deny
FILE SYSTEM ACL
• Normally seen in file systems in operating systems to
provide access to some files and folders.
• PERMISSIONS
• Read
• Write
• Execute
• ACCESS PERMISSION GIVEN TO
• User
• Group
• Others
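The user/group/others check described above, as an added example that is not part of the original slides: it parses an `ls -l` style mode string and decides read, write or execute for a subject. The uids, gids and file names are constructed for illustration; the one rule worth seeing in code is that exactly one class applies, chosen in the order user, group, others, so an owner whose own bits are `---` is denied even when the group bits would allow.

```python
import stat
from dataclasses import dataclass

# Constructed example of the user/group/others model: subjects, files and
# uids/gids below are made up for illustration, not taken from the slides.

@dataclass(frozen=True)
class Subject:
    uid: int
    gids: frozenset          # every group the subject belongs to

@dataclass(frozen=True)
class FileEntry:
    owner_uid: int
    group_gid: int
    mode: int                # permission bits, e.g. 0o750

# Which bit grants each permission for the user, group and others classes.
PERM_BITS = {
    "read":    (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH),
    "write":   (stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH),
    "execute": (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH),
}

def parse_mode(text: str) -> int:
    """Turn an 'ls -l' style string such as 'rwxr-x---' into mode bits (0o750)."""
    if len(text) != 9:
        raise ValueError(f"expected 9 characters, got {text!r}")
    bits = 0
    for i, ch in enumerate(text):
        if ch == "-":
            continue
        if ch != "rwx"[i % 3]:
            raise ValueError(f"unexpected {ch!r} at position {i} in {text!r}")
        bits |= 1 << (8 - i)
    return bits

def is_allowed(subject: Subject, entry: FileEntry, action: str) -> bool:
    """Decide read/write/execute for one subject against one file.

    Exactly one class applies, chosen in the order user, group, others,
    and only that class's bits are consulted. An owner whose user bits
    are '---' is therefore denied even if the group or others bits would
    allow: the most specific match wins, it is not a union of all matches.
    """
    user_bit, group_bit, other_bit = PERM_BITS[action]
    if subject.uid == entry.owner_uid:
        return bool(entry.mode & user_bit)
    if entry.group_gid in subject.gids:
        return bool(entry.mode & group_bit)
    return bool(entry.mode & other_bit)

if __name__ == "__main__":
    payroll = FileEntry(owner_uid=1000, group_gid=500, mode=parse_mode("rw-r-----"))
    for name, who in {"owner": Subject(1000, frozenset({1000})),
                      "hr-group member": Subject(1001, frozenset({500})),
                      "everyone else": Subject(1002, frozenset({600}))}.items():
        print(name, {a: is_allowed(who, payroll, a) for a in PERM_BITS})
```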
NETWORK ACL
• IP address
• MAC address
• Ports
• FTP uses ports 20 and 21 to transfer files
• Internet Message Access Protocol (IMAP) uses port 143 for
managing email
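A first-match network ACL over source address and destination port, as an added example not taken from the slides. The rule syntax, the address ranges and the `shadowed` lint are constructed; only the port numbers (FTP 20/21, IMAP 143) come from the slide. It shows the two properties a defender relies on: a packet matching no rule is implicitly denied, and rule order matters, since a broad permit placed above a narrow deny silently disables that deny.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed example: a first-match network ACL over source IP and
# destination port. Rule syntax and addresses are made up for illustration.

@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    proto: str                  # "tcp" or "udp"
    src: ipaddress.IPv4Network  # matching source addresses
    dst_port: Optional[int]     # None means any port

@dataclass(frozen=True)
class Packet:
    src_ip: ipaddress.IPv4Address
    dst_port: int
    proto: str = "tcp"

def parse_rule(line: str) -> Rule:
    """Rule format (constructed): '<permit|deny> <proto> <cidr> <port|any>'."""
    action, proto, cidr, port = line.split()
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action {action!r}")
    return Rule(action, proto, ipaddress.ip_network(cidr, strict=False),
                None if port == "any" else int(port))

def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.proto == pkt.proto
            and pkt.src_ip in rule.src
            and (rule.dst_port is None or rule.dst_port == pkt.dst_port))

def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First matching rule decides; a packet matching no rule is implicitly
    denied. Returns (action, index of the deciding rule or None)."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, i
    return "deny", None

def shadowed(rules: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier rule already
    covers everything they could match (same protocol, wider or equal
    source range, same port or any port)."""
    dead = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if (earlier.proto == later.proto
                    and earlier.src.supernet_of(later.src)
                    and (earlier.dst_port is None or earlier.dst_port == later.dst_port)):
                dead.append(j)
                break
    return dead

# Constructed ACL: block FTP from the 10/8 range, allow IMAP from it, allow
# everything from a management subnet, and rely on the implicit deny for the rest.
ACL_TEXT = """
deny   tcp 10.0.0.0/8      21
deny   tcp 10.0.0.0/8      20
permit tcp 10.0.0.0/8      143
permit tcp 192.168.1.0/24  any
"""
RULES = [parse_rule(line) for line in ACL_TEXT.strip().splitlines()]

if __name__ == "__main__":
    for ip, port in [("10.1.2.3", 21), ("10.1.2.3", 143),
                     ("192.168.1.50", 21), ("172.16.0.9", 143)]:
        print(ip, port, evaluate(RULES, Packet(ipaddress.ip_address(ip), port)))
    print("shadowed rules:", shadowed(RULES))
```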
CAPABILITY-BASED SECURITY
• Oriented around the use of a token that controls access to
a resource
• Access is based entirely on possession of the token, not on
who possesses it
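The possession-based decision described above, as an added example that is not from the slides: a capability is a token naming a resource plus a chain of rights caveats sealed with an HMAC chain (the macaroon construction, chosen here as an illustration). The issuer key, resource names and rights are constructed. The check inspects only the token: any holder can hand on a weaker copy, but a caveat cannot be removed and the rights can never grow, and a tampered token fails verification.

```python
import hmac
import hashlib
from typing import Iterable, List

# Constructed example (not from the slides). The issuer key below is a demo
# value; a real issuer would hold it in a secrets store.
ISSUER_KEY = b"constructed-demo-key-not-a-real-secret"
ALL_RIGHTS = frozenset({"read", "write", "delete"})

def _chain(prev: bytes, data: str) -> bytes:
    """One link of the tag chain: tag_n = HMAC(tag_{n-1}, caveat_n)."""
    return hmac.new(prev, data.encode(), hashlib.sha256).digest()

def _caveat(rights: Iterable[str]) -> str:
    return "rights=" + ",".join(sorted(set(rights) & ALL_RIGHTS))

class Capability:
    def __init__(self, resource: str, caveats: List[str], tag: bytes):
        self.resource = resource
        self.caveats = list(caveats)
        self.tag = tag

    @classmethod
    def mint(cls, resource: str, rights: Iterable[str]) -> "Capability":
        """Issuer only: the root of the chain is keyed with ISSUER_KEY."""
        caveat = _caveat(rights)
        return cls(resource, [caveat], _chain(_chain(ISSUER_KEY, resource), caveat))

    def attenuate(self, rights: Iterable[str]) -> "Capability":
        """Any holder can pass on a weaker token without knowing the key:
        appending a caveat extends the chain, it can never drop one."""
        caveat = _caveat(rights)
        return Capability(self.resource, self.caveats + [caveat], _chain(self.tag, caveat))

    def rights(self) -> frozenset:
        """Effective rights are the intersection of every caveat in the chain."""
        allowed = set(ALL_RIGHTS)
        for caveat in self.caveats:
            listed = caveat[len("rights="):]
            allowed &= set(listed.split(",")) if listed else set()
        return frozenset(allowed)

def verify(cap: Capability) -> bool:
    """Recompute the chain from the issuer key; any change to the caveats
    or the tag makes the recomputed value differ."""
    tag = _chain(ISSUER_KEY, cap.resource)
    for caveat in cap.caveats:
        tag = _chain(tag, caveat)
    return hmac.compare_digest(tag, cap.tag)

def check(cap: Capability, resource: str, right: str) -> bool:
    """The access decision: valid token, matching resource, right included.
    Possession is everything; no identity of the presenter is consulted."""
    return verify(cap) and cap.resource == resource and right in cap.rights()

if __name__ == "__main__":
    full = Capability.mint("/hr/payroll.csv", ["read", "write"])
    read_only = full.attenuate(["read"])
    print("full token may write:", check(full, "/hr/payroll.csv", "write"))
    print("attenuated token may write:", check(read_only, "/hr/payroll.csv", "write"))
```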
ACCESS CONTROL MODELS
• Discretionary Access Control
• Mandatory Access Control
• Role-Based Access Control
• Attribute-Based Access Control
• Multi-level Access Control
DISCRETIONARY ACCESS CONTROL
• Model of access control based on access determined by
the owner of the resource.
• The owner can decide who does and does not have
access and what access they are allowed to have
MANDATORY ACCESS CONTROL
• Model of access control in which the owner of the resource
does not get to decide who gets to access it; instead,
access is decided by a group or individual who has the
authority to set access on resources.
• Example :
• Government organizations where access to a resource is dictated
by the sensitivity label applied to it (secret, top secret etc)
ROLE-BASED ACCESS CONTROL
• Model of access control where access is set by an
authority responsible for doing so, and access is granted
on the basis of the role the individual holds rather than
the individual's identity.
ATTRIBUTE-BASED ACCESS CONTROL
• Model of access control based on attributes of a person,
a resource or the environment
• SUBJECT ATTRIBUTE
• Attributes that a person possesses
• Example :
• “You must be this tall to ride”
• Captcha – Completely Automated Public Turing Test to Tell Humans
and Computers Apart
ATTRIBUTE-BASED ACCESS CONTROL
• Model of access control based on attributes of a person,
a resource or the environment
• RESOURCE ATTRIBUTE
• Attributes related to a particular resource, such as an OS or
application
• Example
• Software running on a particular OS
• Web site that works on a certain browser
ATTRIBUTE-BASED ACCESS CONTROL
• Model of access control based on attributes of a person,
a resource or the environment
• ENVIRONMENT ATTRIBUTE
• Attributes used to enable access controls that operate based on
environmental conditions
• Example
• Time attribute
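A small attribute-based evaluator, as an added example that is not part of the original slides, with one policy per attribute category from the three ABAC slides: a subject attribute (the Captcha result), a resource attribute (which browsers the site supports) and an environment attribute (time of day). The policy names, attribute keys, business hours and browser names are constructed. The combining rule (deny overrides, then permit, then default deny) is the part worth studying.

```python
from dataclasses import dataclass
from datetime import time
from typing import Callable, Dict, List, Tuple

# Constructed example (not from the slides): attribute names, policy names
# and the business-hours window are made up for illustration.

Attrs = Dict[str, object]

@dataclass(frozen=True)
class Request:
    subject: Attrs
    resource: Attrs
    environment: Attrs

@dataclass(frozen=True)
class Policy:
    name: str
    applies: Callable[[Request], bool]   # true when the policy's condition holds
    effect: str                          # "permit" or "deny"

BUSINESS_HOURS = (time(8, 0), time(18, 0))

POLICIES: List[Policy] = [
    # Subject attribute: only a party that passed the Captcha counts as human.
    Policy("human-only", lambda r: r.subject.get("captcha_passed") is True, "permit"),
    # Resource attribute: the site declares which browsers it works with.
    Policy("unsupported-browser",
           lambda r: r.subject.get("browser") not in r.resource.get("supported_browsers", ()),
           "deny"),
    # Environment attribute: the request time must fall inside business hours.
    Policy("after-hours",
           lambda r: not (BUSINESS_HOURS[0] <= r.environment["time"] < BUSINESS_HOURS[1]),
           "deny"),
]

def evaluate(policies: List[Policy], req: Request) -> Tuple[str, List[str]]:
    """Deny-overrides combining: any applicable deny wins; otherwise an
    applicable permit is required; otherwise the default is deny.
    Returns the decision and the names of the policies that drove it."""
    denies = [p.name for p in policies if p.effect == "deny" and p.applies(req)]
    if denies:
        return "deny", denies
    permits = [p.name for p in policies if p.effect == "permit" and p.applies(req)]
    if permits:
        return "permit", permits
    return "deny", []          # nothing applied: default deny

if __name__ == "__main__":
    site = {"supported_browsers": {"firefox", "chrome"}}
    for label, subj, env in [
        ("human, firefox, 10:00", {"captcha_passed": True, "browser": "firefox"}, {"time": time(10, 0)}),
        ("bot, firefox, 10:00", {"captcha_passed": False, "browser": "firefox"}, {"time": time(10, 0)}),
        ("human, firefox, 23:00", {"captcha_passed": True, "browser": "firefox"}, {"time": time(23, 0)}),
    ]:
        print(label, "->", evaluate(POLICIES, Request(subj, site, env)))
```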
MULTI-LEVEL ACCESS CONTROL
• Model of access control that uses two or more methods
to improve security of a resource
• Bell-LaPadula Model
• Biba Model
• Brewer and Nash
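The three models named above, worked as an added example that is not from the original slides: Bell-LaPadula and Biba as checks over a label lattice, and Brewer and Nash as a history-dependent conflict-of-interest check. The level names follow the government labels on the MAC slide; the compartments, company names and conflict classes are constructed. The point to take from it is that Biba is the exact dual of Bell-LaPadula, and that Brewer and Nash is the only one of the three whose answer changes with what the subject has already touched.

```python
from dataclasses import dataclass
from typing import Dict, Set

# Constructed example (not from the slides): compartments, companies and
# conflict classes are made up for illustration.

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()   # need-to-know categories

    def dominates(self, other: "Label") -> bool:
        """Lattice order: level at least as high AND every compartment of other."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

def blp_allows(subject: Label, obj: Label, op: str) -> bool:
    """Bell-LaPadula protects confidentiality: no read up, no write down."""
    if op == "read":
        return subject.dominates(obj)    # simple security property
    if op == "write":
        return obj.dominates(subject)    # *-property
    raise ValueError(f"unknown operation {op!r}")

def biba_allows(subject: Label, obj: Label, op: str) -> bool:
    """Biba protects integrity and is the dual: no read down, no write up."""
    if op == "read":
        return obj.dominates(subject)
    if op == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown operation {op!r}")

class ChineseWall:
    """Brewer and Nash: access depends on history. Once a subject has seen
    one company's data, competitors in the same conflict-of-interest class
    are off limits to that subject from then on."""
    def __init__(self, conflict_classes: Dict[str, Set[str]]):
        self.class_of = {co: name for name, cos in conflict_classes.items() for co in cos}
        self.history: Dict[str, Set[str]] = {}

    def access(self, subject: str, company: str) -> bool:
        seen = self.history.setdefault(subject, set())
        blocked = any(c != company and self.class_of[c] == self.class_of[company]
                      for c in seen)
        if blocked:
            return False
        seen.add(company)
        return True

if __name__ == "__main__":
    analyst = Label("secret", frozenset({"HR"}))
    print("read top secret:", blp_allows(analyst, Label("top secret"), "read"))
    print("write to confidential:", blp_allows(analyst, Label("confidential"), "write"))
    wall = ChineseWall({"banks": {"BankA", "BankB"}, "oil": {"OilX", "OilY"}})
    print([wall.access("alice", c) for c in ("BankA", "BankB", "OilX")])
```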
PHYSICAL ACCESS CONTROL
• Concerned with controlling the access of individuals and
vehicles
• Access of individuals such as in and out of a building or
facility.
• TAILGATING occurs when we authenticate to the
physical control measure such as a badge and then
another person follows directly behind us without
authenticating themselves.
PHYSICAL ACCESS CONTROL
• For vehicles: simple barriers, one-way spike strips,
fences, rising barriers, automated gates or doors

More from Leo Mark Villar

Date security identifcation and authentication
Date security   identifcation and authenticationDate security   identifcation and authentication
Date security identifcation and authentication
 
Date security introduction
Date security   introductionDate security   introduction
Date security introduction
 
Web programming
Web programmingWeb programming
Web programming
 
Computer fundamentals-internet p2
Computer fundamentals-internet p2Computer fundamentals-internet p2
Computer fundamentals-internet p2
 
Computer fundamentals-internet p1
Computer fundamentals-internet p1Computer fundamentals-internet p1
Computer fundamentals-internet p1
 
Html
HtmlHtml
Html
 
Team foundation server
Team foundation serverTeam foundation server
Team foundation server
 
Microsoft office 2013
Microsoft office 2013Microsoft office 2013
Microsoft office 2013
 
Sql performance tuning
Sql performance tuningSql performance tuning
Sql performance tuning
 
Angular js
Angular jsAngular js
Angular js
 

Dernier

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 

Dernier (20)

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Six Myths about Ontologies: The Basics of Formal Ontology

Data security authorization and access control

AUTHORIZATION
• Allows us to specify where a party should be allowed or denied access
• Implemented through the use of access controls
• Allowing access means keeping in mind the PRINCIPLE OF LEAST PRIVILEGE
PRINCIPLE OF LEAST PRIVILEGE
• Dictates that we should only allow the bare minimum of access to a party – this might be a person, user account, or process – to allow it to perform the functionality needed of it.
• Example:
• An employee in the Sales Dept. should not need access to data internal to a human resources system in order to do their job
ACCESS CONTROL
• The selective restriction of access to a place or other resource
• BASIC TASKS
• Allow access
• Deny access
• Limit access
• Revoke access
ACCESS CONTROL
• ALLOW ACCESS
• Giving a particular party, or parties, access to a given resource
• DENY ACCESS
• Preventing access by a given party to the resource in question
ACCESS CONTROL
• LIMIT ACCESS
• Allowing some access to a resource, but only up to a certain point
• REVOKE ACCESS
• Taking away access to a resource
ACCESS CONTROL METHODS OF IMPLEMENTATION
• Access Control List (ACL)
• Capability-Based Security
ACCESS CONTROL METHODS USED FOR IMPLEMENTATION
• Access Control List (ACL)
• Used to control access in the file systems on which operating systems run, and to control the flow of traffic in the networks to which a system is attached.
• Typically built specifically for a certain resource, containing identifiers of the parties allowed (or denied) access to the resource and what each party is allowed to do with it. A party with no entry is denied by default.

Alice  Allow
Bob    Deny
FILE SYSTEM ACL
• Normally seen in the file systems of operating systems, to provide access to files and folders.
• PERMISSIONS
• Read
• Write
• Execute
• ACCESS PERMISSION GIVEN TO
• User
• Group
• Others
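The two ACL forms above, as an added example that is not part of the original slides: the Unix owner/group/others permission classes, and the explicit "Alice Allow / Bob Deny" list with default deny. The uids, gids and file names are constructed for the demo. One detail the slide does not show: the kernel picks exactly one class for the caller (owner, else group, else others) and consults only that class's bits, so an owner whose own bits are cleared is denied even when the group is allowed.

```python
"""Checking a file-system ACL the way a Unix kernel does.

Added example, not from the slides.  Models the owner / group / others
permission classes and an explicit per-principal ACL with default deny.
"""
import stat
from dataclasses import dataclass
from typing import FrozenSet, List, Set, Tuple


@dataclass(frozen=True)
class FileMeta:
    uid: int      # owning user
    gid: int      # owning group
    mode: int     # permission bits only, e.g. 0o640


@dataclass(frozen=True)
class Subject:
    uid: int
    gids: FrozenSet[int]   # primary plus supplementary groups


# Operation -> (owner bit, group bit, others bit)
_BITS = {
    "read":  (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH),
    "write": (stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH),
    "exec":  (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH),
}


def mode_permits(subject: Subject, f: FileMeta, op: str) -> bool:
    """True if subject may perform op on f.  A root override is not modelled.

    Exactly one class is selected for the caller (owner, else group, else
    others) and only that class's bit is consulted.
    """
    usr, grp, oth = _BITS[op]
    if subject.uid == f.uid:
        bit = usr
    elif f.gid in subject.gids:
        bit = grp
    else:
        bit = oth
    return bool(f.mode & bit)


# Explicit ACL in the slide's "Alice Allow / Bob Deny" form.
AclEntry = Tuple[str, Set[str], str]    # (principal, operations, "allow" | "deny")


def acl_permits(acl: List[AclEntry], principal: str, op: str) -> bool:
    """First matching entry wins; no matching entry means deny (default deny)."""
    for who, ops, verdict in acl:
        if who == principal and op in ops:
            return verdict == "allow"
    return False


def demo() -> dict:
    """Constructed sample data: a sales report owned by alice (uid 1000)."""
    report = FileMeta(uid=1000, gid=100, mode=0o640)        # rw-r-----
    alice = Subject(uid=1000, gids=frozenset({100}))        # owner
    bob = Subject(uid=1001, gids=frozenset({100}))          # same group
    carol = Subject(uid=1002, gids=frozenset({5}))          # neither
    acl = [("alice", {"read", "write"}, "allow"), ("bob", {"read"}, "deny")]
    return {
        "alice_write": mode_permits(alice, report, "write"),
        "bob_read": mode_permits(bob, report, "read"),
        "bob_write": mode_permits(bob, report, "write"),
        "carol_read": mode_permits(carol, report, "read"),
        "acl_alice_read": acl_permits(acl, "alice", "read"),
        "acl_bob_read": acl_permits(acl, "bob", "read"),
        "acl_carol_read": acl_permits(acl, "carol", "read"),   # no entry: deny
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16} {'allow' if verdict else 'deny'}")
```

On a real Linux host the same classes are what `ls -l` prints, and POSIX ACLs (`getfacl`/`setfacl`) extend them with per-user and per-group entries of the second, explicit form.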
NETWORK ACL
• Filters traffic by identifiers carried in the packets rather than by the identity of a user:
• IP address
• MAC address
• Ports
• FTP uses ports 20 (data) and 21 (control) to transfer files
• Internet Message Access Protocol (IMAP) uses port 143 for managing email
• Caveat: source IP and MAC addresses can be spoofed, so a network ACL filters traffic but does not authenticate the party sending it
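An ordered network ACL evaluated the way routers and firewalls do it, as an added example that is not from the slides: first matching rule wins and an implicit deny sits at the end. The rule format, the 10.0.0.0/8 LAN, the mail server address and the sample packets are constructed; the ports are the FTP (20, 21) and IMAP (143) ones the slide names. The misordered copy of the list shows why rule order is itself a security property.

```python
"""Ordered network ACL with first-match semantics and an implicit deny.

Added example, not from the slides.  Rule format, addresses and sample
traffic are constructed for the demo.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

Net = ipaddress.IPv4Network


@dataclass(frozen=True)
class Rule:
    action: str           # "permit" | "deny"
    proto: str            # "tcp" | "udp" | "any"
    src: Net
    dst: Net
    dport: Optional[int]  # None = any destination port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.proto in ("any", pkt.proto)
            and ipaddress.ip_address(pkt.src) in rule.src
            and ipaddress.ip_address(pkt.dst) in rule.dst
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching rule); ("deny", None) if nothing matched."""
    for i, rule in enumerate(acl):
        if matches(rule, pkt):
            return rule.action, i
    return "deny", None     # implicit deny at the end of every ACL


ANY = ipaddress.ip_network("0.0.0.0/0")
LAN = ipaddress.ip_network("10.0.0.0/8")
MAIL = ipaddress.ip_network("10.1.2.3/32")   # constructed mail server address

ACL = [
    Rule("permit", "tcp", LAN, MAIL, 143),   # IMAP from the LAN to the mail server
    Rule("deny",   "tcp", ANY, ANY, 21),     # no FTP control connections anywhere
    Rule("deny",   "tcp", ANY, ANY, 20),     # nor FTP data
    Rule("permit", "tcp", LAN, ANY, None),   # everything else over TCP from the LAN
]

# Same rules with the broad permit moved first: FTP from the LAN now slips through.
MISORDERED = [ACL[3], ACL[1], ACL[2], ACL[0]]


if __name__ == "__main__":
    for p in (Packet("tcp", "10.5.5.5", "10.1.2.3", 143),
              Packet("tcp", "10.5.5.5", "10.1.2.3", 21),
              Packet("tcp", "192.168.1.9", "10.1.2.3", 143)):
        print(p, "->", evaluate(ACL, p), "| misordered:", evaluate(MISORDERED, p))
```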
CAPABILITY-BASED SECURITY
• Oriented around the use of a token that controls access
• Based entirely on possession of the token, not on who possesses it
• The token must therefore be unforgeable and kept secret: anyone who obtains it, by theft or by leak, gets the access it carries
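A capability token in working form, as an added example that is not from the slides. The token format (a base64 JSON body naming the resource and rights, plus an HMAC-SHA256 tag) and the issuer key are assumptions for the demo. It shows the three properties the slide implies: the check consults no identity, only the token; a holder can delegate a weaker copy; and editing the body to add a right breaks the tag.

```python
"""Capability-based access: authority is possession of an unforgeable token.

Added example, not from the slides.  Token format and issuer key are
assumptions made for the demo.
"""
import base64
import hashlib
import hmac
import json
from typing import Iterable, Optional

ISSUER_KEY = b"demo-issuer-key-replace-me"   # assumption: held only by the issuer


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode()


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text)


def mint(resource: str, rights: Iterable[str], key: bytes = ISSUER_KEY) -> str:
    """Issue a capability for `resource` carrying exactly `rights`."""
    body = json.dumps({"res": resource, "rights": sorted(set(rights))},
                      separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return _b64e(body) + "." + _b64e(tag)


def _verify(token: str, key: bytes) -> Optional[dict]:
    """Return the claims if the tag is valid, else None.  No identity is consulted."""
    try:
        b64body, b64tag = token.split(".")
        body, tag = _b64d(b64body), _b64d(b64tag)
    except ValueError:      # wrong shape or bad base64 (binascii.Error is a ValueError)
        return None
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(body)


def check(token: str, resource: str, op: str, key: bytes = ISSUER_KEY) -> bool:
    """Whoever presents a valid token gets the rights inside it."""
    claims = _verify(token, key)
    return claims is not None and claims["res"] == resource and op in claims["rights"]


def attenuate(token: str, drop: Iterable[str], key: bytes = ISSUER_KEY) -> Optional[str]:
    """Delegate a weaker capability: rights can only be removed, never added."""
    claims = _verify(token, key)
    if claims is None:
        return None
    return mint(claims["res"], set(claims["rights"]) - set(drop), key)


def forge_by_editing(token: str, extra_right: str) -> str:
    """Attacker attempt: rewrite the body to add a right but keep the old tag."""
    b64body, b64tag = token.split(".")
    claims = json.loads(_b64d(b64body))
    claims["rights"] = sorted(set(claims["rights"]) | {extra_right})
    body = json.dumps(claims, separators=(",", ":")).encode()
    return _b64e(body) + "." + b64tag


if __name__ == "__main__":
    cap = mint("file:sales-report.xlsx", {"read", "write"})
    ro = attenuate(cap, {"write"})
    print("holder of full token may write:", check(cap, "file:sales-report.xlsx", "write"))
    print("holder of read-only token may write:", check(ro, "file:sales-report.xlsx", "write"))
    print("edited token may write:", check(forge_by_editing(ro, "write"), "file:sales-report.xlsx", "write"))
```

Because `check` never asks who is calling, revocation has to be designed in separately (short expiry, or an issuer-side revocation list keyed on a token id), which is the usual operational cost of capability systems.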
ACCESS CONTROL MODELS
• Discretionary Access Control
• Mandatory Access Control
• Role-Based Access Control
• Attribute-Based Access Control
• Multi-level Access Control
DISCRETIONARY ACCESS CONTROL
• Model of access control in which access is determined by the owner of the resource.
• The owner can decide who does and does not have access, and what access they are allowed to have
• Example: the owner of a file setting its read and write permissions for other users
MANDATORY ACCESS CONTROL
• Model of access control in which the owner of the resource does not get to decide who may access it; instead, access is decided by a group or individual who has the authority to set access on resources.
• Example:
• Government organizations, where access to a resource is dictated by the sensitivity label applied to it (secret, top secret, etc.) compared against the clearance held by the subject
ROLE-BASED ACCESS CONTROL
• Model of access control in which access is set by an authority responsible for doing so, and is granted on the basis of the role the individual holds rather than their individual identity. Permissions attach to roles; users are assigned to roles, and changing a user's role changes all of their access at once.
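A small RBAC engine, as an added example that is not from the slides. Role, permission and user names are constructed; a senior role inheriting a junior role's permissions is an extra feature not mentioned on the slide but common in real deployments. The sales/HR split echoes the least-privilege example earlier in the deck: a sales role carries no HR permission, so the check fails without any per-user rule.

```python
"""Role-based access control with a small role hierarchy.

Added example, not from the slides.  Roles, permissions and users are
constructed; permissions are assigned by a central authority, never by
the users themselves.
"""
from typing import Dict, Optional, Set


class Rbac:
    def __init__(self) -> None:
        self.role_perms: Dict[str, Set[str]] = {}
        self.parent: Dict[str, str] = {}          # role -> role it inherits from
        self.user_roles: Dict[str, Set[str]] = {}

    # --- administration (done by the security authority) ---
    def define_role(self, role: str, perms: Set[str], inherits: Optional[str] = None) -> None:
        self.role_perms[role] = set(perms)
        if inherits:
            self.parent[role] = inherits

    def assign(self, user: str, role: str) -> None:
        if role not in self.role_perms:
            raise KeyError(f"unknown role {role!r}")
        self.user_roles.setdefault(user, set()).add(role)

    def revoke(self, user: str, role: str) -> None:
        """Removing the role removes every permission it carried, at once."""
        self.user_roles.get(user, set()).discard(role)

    # --- decision ---
    def role_perms_effective(self, role: Optional[str]) -> Set[str]:
        perms: Set[str] = set()
        seen: Set[str] = set()
        while role and role not in seen:      # `seen` guards against a cyclic hierarchy
            seen.add(role)
            perms |= self.role_perms.get(role, set())
            role = self.parent.get(role)
        return perms

    def user_perms(self, user: str) -> Set[str]:
        out: Set[str] = set()
        for r in self.user_roles.get(user, set()):
            out |= self.role_perms_effective(r)
        return out

    def allowed(self, user: str, perm: str) -> bool:
        return perm in self.user_perms(user)


def build_demo() -> Rbac:
    """Constructed sample: a sales team and an HR analyst."""
    r = Rbac()
    r.define_role("sales_rep", {"crm:read", "crm:write"})
    r.define_role("sales_mgr", {"crm:approve_discount"}, inherits="sales_rep")
    r.define_role("hr_analyst", {"hris:read"})
    r.assign("alice", "sales_rep")
    r.assign("bob", "sales_mgr")
    r.assign("carol", "hr_analyst")
    return r


if __name__ == "__main__":
    rbac = build_demo()
    for user, perm in (("alice", "crm:read"), ("alice", "hris:read"), ("bob", "crm:write")):
        print(f"{user} {perm}: {'allow' if rbac.allowed(user, perm) else 'deny'}")
```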
ATTRIBUTE-BASED ACCESS CONTROL
• Model of access control based on attributes of a person, a resource, or the environment
• SUBJECT ATTRIBUTE
• Attributes that a person possesses
• Example:
• "You must be this tall to ride"
• CAPTCHA – Completely Automated Public Turing test to tell Computers and Humans Apart (the attribute being "is a human")
ATTRIBUTE-BASED ACCESS CONTROL
• RESOURCE ATTRIBUTE
• Attributes related to a particular resource, such as the OS or application it belongs to
• Example:
• Software that runs only on a particular OS
• A web site that works only in a certain browser
ATTRIBUTE-BASED ACCESS CONTROL
• ENVIRONMENT ATTRIBUTE
• Attributes used to enable access controls that operate based on environmental conditions
• Example:
• Time attribute (access only during business hours)
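The three ABAC attribute kinds from the preceding slides in one policy engine, as an added example that is not from the slides. Attribute names, the policies and the sample request are constructed; "age" and "is_human" stand in for the slide's height and CAPTCHA subject attributes, "department" and "classification" for the resource attributes, and "time" and "network" for the environment ones. Decisions are default deny: a request passes only if every condition of some policy holds.

```python
"""Attribute-based access control over subject, resource and environment attributes.

Added example, not from the slides.  Attribute names, policies and sample
requests are constructed for the demo.
"""
from datetime import datetime
from typing import Any, Callable, Dict, List, Optional, Tuple

Attrs = Dict[str, Any]
Condition = Callable[[Attrs, Attrs, Attrs], bool]   # (subject, resource, environment)


# Subject attributes: something the requester is ("you must be this tall to ride")
def is_adult_human(s: Attrs, r: Attrs, e: Attrs) -> bool:
    return s.get("is_human") is True and s.get("age", 0) >= 18


# Resource attributes: properties of the thing being accessed
def same_department_internal(s: Attrs, r: Attrs, e: Attrs) -> bool:
    return r.get("classification") == "internal" and s.get("department") == r.get("department")


def public_resource(s: Attrs, r: Attrs, e: Attrs) -> bool:
    return r.get("classification") == "public"


# Environment attributes: conditions of the request itself
def business_hours(s: Attrs, r: Attrs, e: Attrs) -> bool:
    t: datetime = e["time"]
    return t.weekday() < 5 and 8 <= t.hour < 18


def from_corporate_network(s: Attrs, r: Attrs, e: Attrs) -> bool:
    return e.get("network") == "corp"


# A policy permits when all of its conditions hold; the request is permitted if
# any policy permits, otherwise denied (default deny).
POLICIES: List[Tuple[str, List[Condition]]] = [
    ("public-read", [public_resource]),
    ("internal-data", [is_adult_human, same_department_internal,
                       business_hours, from_corporate_network]),
]


def decide(subject: Attrs, resource: Attrs, env: Attrs) -> Tuple[bool, Optional[str]]:
    """Return (permitted, name of the policy that permitted it)."""
    for name, conditions in POLICIES:
        if all(c(subject, resource, env) for c in conditions):
            return True, name
    return False, None


def env_at(year: int, month: int, day: int, hour: int, minute: int = 0,
           network: str = "corp") -> Attrs:
    """Helper to build an environment attribute set for a given request time."""
    return {"time": datetime(year, month, day, hour, minute), "network": network}


if __name__ == "__main__":
    hr_file = {"classification": "internal", "department": "hr"}
    alice = {"is_human": True, "age": 34, "department": "hr"}
    bob = {"is_human": True, "age": 29, "department": "sales"}
    print("alice, Tue 10:30, corp:", decide(alice, hr_file, env_at(2024, 5, 14, 10, 30)))
    print("bob,   Tue 10:30, corp:", decide(bob, hr_file, env_at(2024, 5, 14, 10, 30)))
    print("alice, Sat 10:30, corp:", decide(alice, hr_file, env_at(2024, 5, 18, 10, 30)))
```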
MULTI-LEVEL ACCESS CONTROL
• Model of access control that combines two or more methods to improve the security of a resource, typically by enforcing rules over ordered sensitivity or integrity labels
• Bell-LaPadula Model (confidentiality: no read up, no write down)
• Biba Model (integrity: no read down, no write up)
• Brewer and Nash (the "Chinese Wall" model: blocks access that would create a conflict of interest)
PHYSICAL ACCESS CONTROL
• Concerned with controlling the access of individuals and vehicles
• Access of individuals, such as in and out of a building or facility
• TAILGATING occurs when we authenticate to a physical control measure, such as a badge reader, and another person follows directly behind us without authenticating themselves
PHYSICAL ACCESS CONTROL
• For vehicles: simple barriers, one-way spike strips, fences, rising barriers, automated gates or doors