Authorization and Access Control

This document discusses various methods of authorization and access control. It describes principles like least privilege and different access control models like discretionary access control and mandatory access control. It also covers specific access control methods like access control lists, capabilities, roles, and attributes. Common attacks on access control like CSRF and clickjacking are mentioned. Physical access controls and CAPTCHAs are briefly discussed as well.

Uploaded by KATHLENE CORPUS

Authorization and Access Control

Authorization

• Allows us to specify where the party should be allowed or denied access.
Principle of Least Privilege

• We should only allow the bare minimum of access to a party to perform the functionality needed of it.
Access control

• allowing access
• denying access
• limiting access
• revoking access
Methods to implement access control

Access Control List

• Referred to as “ackles”
• Used to control access in file systems and to control the flow of traffic in networks.
File system ACLs

• read, write, and execute
• rwxrwxrwx
• user, group, and other ACLs

Network ACLs

• Access controlled by the identifiers we use for network transactions, such as Internet Protocol (IP) addresses, Media Access Control (MAC) addresses, and ports.

• The simplest form of network-oriented access control is MAC address filtering.
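To show how the file-system ACL above (user, group, other; rwxrwxrwx) is actually evaluated, here is an added example that is not part of the original slides. It implements the POSIX rule that only the first matching class (owner, then group, then other) is consulted, so an owner with a restrictive owner triple is denied even when group or other would allow; the file, principal names and mode strings are constructed sample data.

```python
# Added example: evaluate a Unix-style "rwxrwxrwx" file-system ACL for a
# principal. All names and sample data below are constructed for illustration.
from dataclasses import dataclass

PERM_BITS = {"r": 0, "w": 1, "x": 2}          # position within a 3-char triple


@dataclass(frozen=True)
class FileAcl:
    owner: str
    group: str
    mode: str                                  # e.g. "rw-r-----"

    def __post_init__(self):
        # Reject anything that is not nine characters drawn from r, w, x, -
        if len(self.mode) != 9 or any(c not in "rwx-" for c in self.mode):
            raise ValueError(f"bad mode string: {self.mode!r}")


def classify(acl: FileAcl, user: str, groups: frozenset) -> str:
    """Pick the single class that applies: user, then group, then other.
    As in POSIX, only the first matching class is consulted; an owner is
    never promoted to the group or other permissions."""
    if user == acl.owner:
        return "user"
    if acl.group in groups:
        return "group"
    return "other"


def is_allowed(acl: FileAcl, user: str, groups, op: str) -> bool:
    """Return True if `user` (member of `groups`) may perform op in {r, w, x}."""
    cls = classify(acl, user, frozenset(groups))
    offset = {"user": 0, "group": 3, "other": 6}[cls]
    return acl.mode[offset + PERM_BITS[op]] == op


# Constructed sample: report readable by its owner and the 'audit' group only.
REPORT = FileAcl(owner="alice", group="audit", mode="rw-r-----")

if __name__ == "__main__":
    print(is_allowed(REPORT, "alice", {"staff"}, "w"))   # True  (owner triple)
    print(is_allowed(REPORT, "bob", {"audit"}, "r"))     # True  (group triple)
    print(is_allowed(REPORT, "bob", {"audit"}, "w"))     # False
    print(is_allowed(REPORT, "carol", {"staff"}, "r"))   # False (other triple)
```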
Capability-based security

• Oriented around the use of a token that controls our access.
• The right to access a resource is based entirely on possession of the token.
Confused deputy problem

• Common in systems that use ACLs.
• Seen when the software with access to a resource has a greater level of permission to access the resource than the user who is controlling the software.
Client-side attacks

• Attacks that take advantage of weaknesses in applications that are running on the computer being operated directly by the user, often referred to as the client.
CSRF (cross-site request forgery)

• An attack that misuses the authority of the browser on the user’s computer.
Clickjacking

• Also known as user interface redressing.
Access Control Methodologies

• Means by which we implement authorization and deny or allow access to parties, based on what resources we have determined they should be allowed access to.
Access Control Models

Discretionary Access Control

• Model of access control based on access being determined by the owner of the resource in question.
Mandatory Access Control

• The owner of the resource does not get to decide who gets to access it; instead, access is decided by a group or individual who has the authority to set access on resources.
Role-based Access Control

• Based on the role the individual being granted access is performing.
Attribute-based Access Control

• Logically based on attributes

CAPTCHA

• Completely Automated Public Turing Test to Tell Computers and Humans Apart
Physical Access Controls

• Access control for individuals often revolves around controlling movement into and out of buildings or facilities.
THANK YOU!