5.2 access control

- Preface

• Enforce access control MAC
• Autonomous access control DAC
• Role-based access control RBAC
• Security level and access control

One 、 Preface

1、 status
In Information Systems , Access control is the second barrier to protect the security of system resources after identity authentication

2、 Definition
Access control assigns and manages permissions according to identity
Access control is to determine
Who can access the system
Who can access the system, when and to what extent these resources are used
3、 Three elements
The first element ： object
Second element ： The main body
Third element ： Security access policy

Two 、 Enforce access control

1、 Mostly used for confidential 、 The military
2、 Each subject and object is given a certain level of security （ Only the system administrator can modify ）, Determine whether the subject can access the object by comparing the security level of the subject and the accessed object
3. The security level is generally 5 level ：
Top secret level T、 Classified S、 Confidentiality C、 Limit level R、 Public level U
T>S>C>R>U
4、MAC The process
1） The subject is assigned a security level （ Safety labels ）
2） The object is also assigned a security level （ Safety labels ）
When access control is executed , Compare the security labels of subject and object
5、 Common mandatory access control models
Lattice Model
BLP Model ： Confidentiality
Biba Model ： integrity

3、 ... and 、 Autonomous access control DAC

1、 Definition ： The object belongs to the subject and independently manages the access rights to the object

2、DAC Implementation method
Access control matrix
Visit the competency table
Access control table
3、 characteristic
Make decisions according to the identity and authority of the subject
A subject with certain access ability can autonomously grant a subset of access rights to other subjects
High flexibility , Be adopted in large quantities
4、 shortcoming
The access permission relationship will change
Unable to control the flow of information

5、 mandatory / The problem of autonomous access control policy

 Forced too strong 
 Autonomous too weak 
 Both of them have a lot of work , Inconvenient to manage 

Four 、 Role-based access control RBAC