Thursday, September 5, 2013

Access Controls

Access controls are a vital part of any system's front line of defense. They control how users and systems interact with one another. As such, access can be defined as the flow of information between two entities: the subject and the object. Quite simply, the subject is the user or service that requests access to the object or the data it holds.

The Core of Access Control

There are four things core to access control: identification, authentication, authorization, and accountability.

Identification describes the process of verifying that a service is who it claims to be. When a subject makes a request to use an object or its data, unique credentials such as a user name or MAC address can be provided as a way of identification. This process works closely with authentication. Along with some piece of identifying information, the subject will supply some sort of password, passphrase, key, or any other piece of information that proves the subject is who it claims to be. Authentication can be achieved through something a subject knows (password), something a subject has (key or badge), or something a subject is (biometrics). While only one is required, many systems use two-factor, or strong, authentication. By requiring a subject to supply two forms of authentication, security is greatly strengthened.

Once a subject has been identified and authenticated, the object must then decide if the subject has the proper authorization to access the object or its data. For example, while a user may be able to log on to a shared network using their ID and password (identification and authentication), they may not be allowed to access certain shared folders on the network drives.

Finally, it is important for access controls to maintain accountability. This process ensures that the subject is held responsible for its actions. If a user accesses a shared folder and totally destroys it, the access controls need to be able to identify which user was responsible. It is for this reason that it is extremely important that subjects are uniquely identified.

These four concepts are at the core of access controls and play a critical role in any system's security.
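To make the four steps concrete, here is an added example (not code from the original post) that runs one shared-folder request through identification, authentication, authorization, and accountability. The user names, passwords, folder path, and function names are all constructed for illustration, and storing passwords as salted PBKDF2 hashes is an assumption of this sketch.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so stored credentials are not plaintext (assumption of this sketch).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: two uniquely identified subjects and one shared-folder ACL.
_SALTS = {"alice": os.urandom(16), "bob": os.urandom(16)}
USERS = {
    "alice": _hash("correct horse", _SALTS["alice"]),
    "bob": _hash("hunter2 battery", _SALTS["bob"]),
}
ACL = {"/shares/finance": {"alice": {"read", "write"}, "bob": set()}}
AUDIT_LOG = []

def _audit(subject: str, obj: str, action: str, outcome: str) -> None:
    # Accountability: every decision is recorded against the claimed identity.
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "subject": subject, "object": obj,
        "action": action, "outcome": outcome,
    })

def request_access(username: str, password: str, obj: str, action: str) -> bool:
    # Identification: the subject presents a unique identifier.
    stored = USERS.get(username)
    salt = _SALTS.get(username, b"\x00" * 16)

    # Authentication: prove the claim with something the subject knows.
    # The hash is computed even for unknown users so both failures cost the same work.
    candidate = _hash(password, salt)
    if stored is None or not hmac.compare_digest(candidate, stored):
        _audit(username, obj, action, "auth_failed")
        return False

    # Authorization: a valid login does not imply rights on this object.
    # Unknown objects and unlisted subjects are denied by default.
    allowed = action in ACL.get(obj, {}).get(username, set())
    _audit(username, obj, action, "granted" if allowed else "denied")
    return allowed
```

Note that bob can authenticate successfully and still be denied the folder, and that both outcomes land in the audit log under his unique ID.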
