1. Discretionary Access Control (DAC)
1.1. Type of access control system that assigns access rights based on rules specified by users.
1.2. Principle behind DAC is that subjects can determine who has access to their objects.
1.3. The DAC model takes advantage of using access control lists (ACLs).
1.3.1. Capability tables contain rows with ‘subject’
1.3.2. Columns containing ‘object’
1.4. The security kernel within the operating system checks the tables to determine if access is allowed.
1.4.1. Sometimes a subject/program may only have access to read a file
1.4.2. Security kernel makes sure no unauthorized changes occur
1.5. Implementation
1.5.1. Utilized by some of the most popular operating systems,
1.5.1.1. Microsoft Windows file systems.
2. Mandatory Access Control (MAC)
2.1. The design and implementation of MAC is commonly used by the government.
2.2. Uses a hierarchical approach to control access to files/resources.
2.2.1. Controlled by the settings defined by a system administrator.
2.2.2. Under a MAC environment, access to resource objects
2.3. This means access to resource objects is controlled by the operating system.
2.3.1. What the system administrator configured in the settings.
2.4. MAC uses “security labels” to assign resource objects on a system.
2.4.1. There are two pieces of information connected to these security labels:
2.4.1.1. classification (high, medium, low)
2.4.1.2. category (specific department or project – provides “need to know”).
2.5. Each user account is also assigned classification and category properties.
2.5.1. System provides users access to an object if both properties match.
2.6. Implementation
2.6.1. MAC system added integrity levels (IL) to process/files running login session.
2.6.1.1. Windows Vista-8 used a variant of MAC with what they called,
2.6.1.2. Mandatory Integrity Control (MIC)
3. Role-based Access Cotrol (RBAC)
3.1. Non-discretionary access control, is used when system administrators need to assign rights.
3.1.1. Organizational roles instead of individual user accounts within an organization
3.2. Opportunity for the organization to address the principle of ‘least privilege’.
3.3. Individual only the access needed to do their job.
3.3.1. Since access is connected to their job.
4. Attribute-based Access Control (ABAC)
4.1. This is a methodology that manages access rights.
4.1.1. Evaluating a set
4.1.1.1. rules
4.1.1.2. policies
4.1.1.3. relationships
4.1.2. Using the attributes of users, systems and environmental condition
5. Rule-based Access Control (RBAC)
5.1. This is a security model in which the system administrator.
5.1.1. The rules that govern access to resource objects.
5.2. Rules are based on conditions.
5.2.1. Such as time of day or location
5.2.2. Not uncommon to use some form of both rule-based access control.