
SPCL Notess

This document discusses access control in network security. It defines access control as controlling user access to resources based on their identity and permissions. It outlines the steps in access control like identification, authentication, authorization, and access. It also defines key terms like subjects, objects, and operations. The document then describes different access control models including mandatory access control, discretionary access control, and role-based access control. Finally, it discusses access control challenges in modern distributed and mobile computing and introduces the zero trust network model.

Uploaded by

arsh0751993

APEX INSTITUTE OF TECHNOLOGY
DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING
System and Network Security
Faculty: Ms. Sheetal Laroiya (E15433)

DISCOVER . LEARN . EMPOWER
Table of content
Access control
Steps in Access control
Terminologies for access control
Principles of Access control
Access Control model
Mandatory Access Control
Discretionary Access Control
Role-Based Access Control
Access Control in Today’s Distributed and Mobile Computing World
COURSE OUTCOME
CO1: Understand the fundamental principles of network security, including various types of network attacks, attacker methodologies, and the key challenges faced in network defense.
CO2: Demonstrate proficiency in implementing security strategies such as Defense-in-Depth and Continual/Adaptive Security to safeguard systems and networks from potential threats.
CO3: Identify and apply access control principles and models to secure technical network resources, ensuring authorized access and protecting against unauthorized intrusions.
Content
Access control
Steps in access control
Terminologies used in access control
Principles of access control
Access control model
MAC
DAC
Access Control in Today’s Distributed and Mobile Computing World
Access Control
Steps in Access control

Step 1: A user provides their credentials/identification while logging into the system.
Step 2: The system validates the user with the database on the basis of the provided credentials/identification such as a password, fingerprint, etc.
Step 3: Once the identification is successful, the system provides the user access to use the system.
Step 4: The system then allows the user to perform only those operations or access only those resources for which the user has been authorized.
Terminologies for access control
Access Control Terminologies

The following terminologies are used to define the access control on specific resources:
Subject
A subject can be defined as a user or a process that attempts to access the objects. The subjects are those entities that perform certain actions on the system.
Object
An object is an explicit resource on which an access restriction is imposed. The access controls implemented on the objects further control the actions performed by the user. Examples of an object are a file or a hardware device.
Reference Monitor
A reference monitor monitors the restrictions imposed on the basis of certain access control rules. It implements a set of rules on the ability of the subject to perform certain actions on the object.
Operation
An operation is an action performed by a subject on an object. A user trying to delete a file is an example of an operation. Here, the user is the subject, the action of deleting refers to the operation, and the file is the object.
Principles of Access control
Access Control model
Mandatory Access Control

Mandatory access control (MAC) determines the usage and access policies for the users. A user can access a resource only if they have the access rights to that resource. MAC is applied in the case of data that has been marked as highly confidential.
The advantages and disadvantages of MAC:
It provides a high level of security since the network defenders determine the access controls.
The MAC policies minimize the chances of errors.
Depending on the MAC, an operating system marks and labels the incoming data, thereby creating an external application control policy.
Examples of MAC include Security-Enhanced Linux (SELinux) and Trusted Solaris.
Discretionary Access Control

In discretionary access control (DAC), the possessor (owner) of an object decides what access a subject has to that object.
DAC is also called a need-to-know access model.
The attributes of a DAC include the following:
The owner of an object can transfer the ownership to another user.
The access control prevents multiple unauthorized attempts to access an object.
The DAC prevents unauthorized users from viewing details like the file size, filename, directory path, etc.
The DAC uses access control lists in order to identify and authorize users.
Disadvantage: A DAC requires maintenance of the access control list and access permissions for the users. Examples of DAC include UNIX, Linux, and Windows access control.
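The contrast between the two models, as an added example that is not part of the original notes: a small reference monitor in which the owner controls the access control list (DAC) while an administrator-set label is checked first and cannot be overridden by the owner (MAC). The class names, users, sensitivity levels and the single "clearance must reach the label" rule are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sensitivity levels; the names and ordering are assumptions.
LEVELS = {"public": 0, "internal": 1, "confidential": 2}

@dataclass
class Obj:
    name: str
    owner: str
    label: str                               # MAC label, set by the administrator
    acl: dict = field(default_factory=dict)  # DAC list: user -> allowed operations

class Monitor:
    """Hypothetical reference monitor: MAC label check first, then the DAC list."""

    def __init__(self, clearances):
        self.clearances = clearances         # user -> level, set by the administrator

    def grant(self, obj, actor, user, ops):
        # DAC: only the current owner may edit the object's access control list.
        if actor != obj.owner:
            raise PermissionError(f"{actor} does not own {obj.name}")
        obj.acl.setdefault(user, set()).update(ops)

    def transfer_ownership(self, obj, actor, new_owner):
        # DAC: the owner can hand the object, and control of its list, to another user.
        if actor != obj.owner:
            raise PermissionError(f"{actor} does not own {obj.name}")
        obj.owner = new_owner

    def check(self, user, obj, op):
        # MAC: an unlabelled user is treated as "public"; owners cannot override this.
        level = LEVELS[self.clearances.get(user, "public")]
        if level < LEVELS[obj.label]:
            return False
        # DAC: the owner, or anyone the owner listed for this operation.
        return user == obj.owner or op in obj.acl.get(user, set())

def demo():
    m = Monitor({"alice": "confidential", "bob": "internal", "carol": "confidential"})
    report = Obj("q3-report", owner="alice", label="confidential")
    m.grant(report, "alice", "bob", {"read"})      # owner lists bob (DAC)
    m.grant(report, "alice", "carol", {"read"})    # owner lists carol (DAC)
    return (m.check("bob", report, "read"),        # False: label outranks clearance
            m.check("carol", report, "read"),      # True: cleared and listed
            m.check("carol", report, "delete"))    # False: cleared but not listed
```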
Role-Based Access Control
In a role-based access control (RBAC), the access permissions are available based on the access policies determined by the system. The access permissions are beyond the user control which implies that users cannot amend the access policies created by the system.
The rules for determining the role-based access controls are as follows:
Role assignment: A certain role is required to be assigned to a user which enables them to perform a transaction.
Role authorization: A user needs to perform a role authorization in order to achieve a particular role.
Transaction authorization: Transaction authorization allows the users to execute only those transactions for which they have been authorized.
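The three rules above, as an added example that is not part of the original notes: a reference monitor that denies by default, lets a user activate only an assigned role, and permits only transactions authorized for the active role. The users, roles, transaction names and the Session/RBACMonitor classes are assumptions made for illustration.

```python
from types import MappingProxyType

# Constructed policy; user, role and transaction names are assumptions.
# Read-only views model the point that users cannot amend the policy.
USER_ROLES = MappingProxyType({
    "asha": frozenset({"teller"}),
    "ravi": frozenset({"teller", "auditor"}),
})
ROLE_TRANSACTIONS = MappingProxyType({
    "teller": frozenset({"view_balance", "post_deposit"}),
    "auditor": frozenset({"view_balance", "read_audit_log"}),
})

class Session:
    def __init__(self, user):
        self.user = user
        self.active_role = None

class RBACMonitor:
    """Hypothetical reference monitor enforcing the three RBAC rules."""
    def __init__(self, user_roles, role_transactions):
        self.user_roles = user_roles
        self.role_transactions = role_transactions
        self.audit = []                      # (user, role, transaction, decision)

    def activate(self, session, role):
        # Role authorization: only a role assigned to this user can become active.
        if role not in self.user_roles.get(session.user, frozenset()):
            return False
        session.active_role = role
        return True

    def execute(self, session, transaction):
        role = session.active_role
        if role is None:
            decision = "deny:no-role"        # role assignment: no role, no transaction
        elif transaction not in self.role_transactions.get(role, frozenset()):
            decision = "deny:role-lacks-transaction"   # transaction authorization
        else:
            decision = "allow"
        self.audit.append((session.user, role, transaction, decision))
        return decision == "allow"

def demo():
    rm, s = RBACMonitor(USER_ROLES, ROLE_TRANSACTIONS), Session("asha")
    results = [rm.execute(s, "view_balance"),    # no active role yet
               rm.activate(s, "auditor"),        # role not assigned to asha
               rm.activate(s, "teller"),
               rm.execute(s, "post_deposit"),
               rm.execute(s, "read_audit_log")]  # outside the teller role
    return results, [entry[3] for entry in rm.audit]
```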
Access Control in Today’s Distributed and Mobile Computing World
Zero Trust Network Model: Never Trust, Always Verify
The zero trust model (never trust, always verify) focuses on security measures for managing access to identities, data, and devices and on protecting the network from insider and outsider threats.
It emphasizes visibility, analytics, and automation. In addition to protecting the organization from security threats, applying the zero trust model also aims to provide compliance.
In the zero trust model, in order to strengthen their security posture, organizations treat each and every user, application, or service as a threat instead of implementing a firewall, a demilitarized zone (DMZ), etc.
This gives employees and customers more flexibility to distribute data securely outside the physical network.

The focus areas for the zero trust model are:
Zero trust data
Zero trust networks
Zero trust people
Zero trust devices
Zero trust workloads
Summary
The objective of this section is to explain the concept of access control by introducing the principles of access control, the terminologies used, and the different models that describe how access control helps in controlling the access of users to specific resources in a network.
Links: https://youtu.be/J5mzneHw1M4
Books: ec council ccna
THANK YOU

For queries
Email: Sheetal.e15433@cumail.in
