Access Control

Presented By:
Hitesh Aghav(TE-B69)
UNDER THE GUIDANCE OF
PROF. Reshma Patil
 Introduction to Access Control
•Definition: Access control is a security process that regulates who or
what can view, use, or modify resources in a computing environment.

•Purpose: Protects sensitive data, maintains privacy, and prevents

unauthorized access.

•Importance: Essential for maintaining the confidentiality, integrity,

and availability of information.
 Types of Access Control
1.Discretionary Access Control (DAC):
1. Users have control over their resources and can grant access
permissions.
2.Mandatory Access Control (MAC):
1. Centralized policies determine access rights based on security labels.
3.Role-Based Access Control (RBAC):
1. Access based on user roles within an organization, suitable for large
organizations.
4.Attribute-Based Access Control (ABAC):
1. Uses attributes (user, resource, action, environment) to determine
access.
 Access Control Models
•Bell-LaPadula Model:
•Focuses on data confidentiality; restricts information flow to
prevent unauthorized access.

•Biba Model:
•Focuses on data integrity; prevents data modification by
unauthorized sources.

•Clark-Wilson Model:
•Ensures data integrity by defining well-formed transactions and
separation of duties.
 Access Control Mechanisms
•Authentication: Verifies the identity of the user (e.g.,
passwords, biometrics).

•Authorization: Determines permissions or access levels (e.g.,

read, write).

•Accounting/Auditing: Tracks access and actions for

compliance and security monitoring.
Access Control Methods

•Physical Access Control: Uses physical means like ID

badges, biometric scanners, and security personnel.

•Logical Access Control: Controls access to computer

systems and data through software and digital protocols
(e.g., firewalls, encryption).
 Challenges in Access Control
•Scalability: Managing permissions in large, dynamic
environments can be complex.
•Data Sensitivity: Ensuring sensitive data is protected while
allowing necessary access.
•User Management: Ensuring the right users have the correct
access and revoking access for those who don’t need it.
Conclusion and Future Trends
•Conclusion: Access control is a critical component of
cybersecurity, protecting resources from unauthorized access
and ensuring organizational security.
•Future Trends: Moving toward adaptive access control, Zero
Trust architectures, and AI-driven access management for
enhanced security.