Friday, August 5, 2011

Access Control Models

The main characteristics of the three different access control models are important to understand.
  • DAC (Discretionary Access Control): Data owners decide who has access to resources, and ACLs are used to enforce the security policy.
  • MAC (Mandatory Access Control): Operating systems enforce the system’s security policy through the use of security labels, e.g. a security clearance. In a military environment, the classifications
    could be top secret, secret, confidential, and unclassified. A commercial organization might use confidential, proprietary, corporate, and sensitive.
  • RBAC (Role-Based Access Control): Access decisions are based on each subject’s role and/or functional position.
Once an organization determines what type of access control model it is going to use, it needs to identify and refine its technologies and techniques to support that model.

Access Control Techniques

Access control techniques are used to support the access control models.
  • Access control matrix: Table of subjects and objects that outlines their access relationships.
  • ACL: Bound to an object and indicates what subjects can access it.
  • Capability table: Bound to a subject and indicates what objects that subject can access.
  • Content-based access: Bases access decisions on the sensitivity of the data, not solely on subject identity.
  • Context-based access: Bases access decisions on the state of the situation, not solely on identity or content sensitivity.
  • Restricted interface: Limits the user’s environment within the system, thus limiting access to objects.
  • Rule-based access: Restricts subjects’ access attempts by predefined rules.
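
How the first three techniques relate, as an added example that is not part of the original post: one access control matrix, with an ACL read off as a column (per object) and a capability table read off as a row (per subject). The subject names, file names, rights and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample matrix: rows are subjects, columns are objects,
# each cell holds the rights that subject has on that object.
MATRIX = {
    "alice": {"payroll.xls": {"read", "write"}, "handbook.pdf": {"read"}},
    "bob":   {"handbook.pdf": {"read"}},
    "carol": {"payroll.xls": {"read"}, "audit.log": {"read", "append"}},
}

def acl_for(matrix, obj):
    """Column view: the ACL bound to one object (subject -> rights)."""
    return {subj: set(row[obj]) for subj, row in matrix.items() if row.get(obj)}

def capabilities_for(matrix, subj):
    """Row view: the capability table bound to one subject (object -> rights)."""
    return {obj: set(r) for obj, r in matrix.get(subj, {}).items() if r}

def all_acls(matrix):
    """Transpose the whole matrix into per-object ACLs."""
    acls = defaultdict(dict)
    for subj, row in matrix.items():
        for obj, rights in row.items():
            if rights:
                acls[obj][subj] = set(rights)
    return dict(acls)

def is_allowed(matrix, subj, obj, right):
    """Default deny: an unknown subject, object or right means no access."""
    return right in matrix.get(subj, {}).get(obj, set())

def revoke(matrix, subj, obj, right):
    """Remove one right from a cell; drop the cell once it is empty."""
    rights = matrix.get(subj, {}).get(obj)
    if rights is None:
        return False
    rights.discard(right)
    if not rights:
        del matrix[subj][obj]
    return True

if __name__ == "__main__":
    print("ACL for payroll.xls:", acl_for(MATRIX, "payroll.xls"))
    print("Capabilities of carol:", capabilities_for(MATRIX, "carol"))
    print("bob may write handbook.pdf:", is_allowed(MATRIX, "bob", "handbook.pdf", "write"))
```

Because both views are derived from the same matrix, revoking a right in one cell changes the object's ACL and the subject's capability table together.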
