AUTHORIZATION AND
ACCESS CONTROL
DATA SECURITY
identification
Authentication
Authorization
AUTHORIZATION
• Specifies where a party should be allowed or denied access
• Implemented through the use of access controls
• Allowing access means keeping in mind the PRINCIPLE
OF LEAST PRIVILEGE
PRINCIPLE OF LEAST PRIVILEGE
• Dictates that we should only allow the bare minimum of
access to a party – this might be a person, user account,
or process – to allow it to perform the functionality
needed of it.
• Example :
• Employee in Sales Dept. should not need access to data
internal to a human resource system in order to do their
job
ACCESS CONTROL
• the selective restriction of access to a place or other
resource
• BASIC TASKS
• Allow access
• Deny access
• Limit access
• Revoke access
ACCESS CONTROL
• ALLOW ACCESS
• Giving a particular party, or parties, access to a given resource
• DENY ACCESS
• Preventing access by a given party to the resource in question
ACCESS CONTROL
• LIMIT ACCESS
• Allowing some access to a resource but only up to a certain point
• REVOKE ACCESS
• Taking away access to a resource
ACCESS CONTROL METHODS OF
IMPLEMENTATION
• Access Control List ( ACL )
• Capability-Based Security
ACCESS CONTROL METHODS USED FOR
IMPLEMENTATION
• Access Control List ( ACL )
• Used to control access in the file systems on which operating
systems run and to control the flow of traffic in the networks to
which a system is attached.
• Typically built specifically for a certain resource, containing
identifiers of the parties allowed to access the resource and what
each party is allowed to do in relation to it.
Alice Allow
Bob Deny
FILE SYSTEM ACL
• Normally seen in file systems in operating systems to
provide access to some files and folders.
• PERMISSIONS
• Read
• Write
• Execute
• ACCESS PERMISSION GIVEN TO
• User
• Group
• Others
FILE SYSTEM ACL
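How the read/write/execute bits for user, group and others are evaluated, as an added example that is not part of the original slides. The uids, gids, paths and modes are constructed, and the helper names are hypothetical. It follows POSIX mode-bit semantics, where exactly one class applies to a caller.

```python
# Added illustration; every uid, gid, path and mode below is constructed.
READ, WRITE, EXECUTE = 4, 2, 1
SHIFT = {"user": 6, "group": 3, "others": 0}


def permission_class(uid, gids, owner_uid, owner_gid):
    """Pick the one class (user, group or others) that applies to a caller."""
    if uid == owner_uid:
        return "user"
    if owner_gid in gids:
        return "group"
    return "others"


def is_allowed(mode, uid, gids, owner_uid, owner_gid, want):
    """True if the caller's class grants every bit in `want`.

    Only one class is consulted: an owner whose 'user' bits deny access
    does not fall through to the 'group' or 'others' bits.
    The superuser bypass is not modelled here.
    """
    cls = permission_class(uid, gids, owner_uid, owner_gid)
    granted = (mode >> SHIFT[cls]) & 0o7
    return (granted & want) == want


def render(mode):
    """Render the nine permission bits the way `ls -l` displays them."""
    return "".join(ch if mode & (1 << (8 - i)) else "-"
                   for i, ch in enumerate("rwxrwxrwx"))


def world_writable(files):
    """Least-privilege check: list paths that the 'others' class may write."""
    return [path for path, mode in files if (mode >> SHIFT["others"]) & WRITE]


# Constructed inventory: (path, mode).
FILES = [
    ("/srv/hr/payroll.csv", 0o640),
    ("/srv/share/notes.txt", 0o666),
    ("/srv/bin/report", 0o750),
]

if __name__ == "__main__":
    for path, mode in FILES:
        print(render(mode), path)
    print("writable by others:", world_writable(FILES))
```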
NETWORK ACL
• IP address
• MAC address
• Ports
• FTP uses ports 20 and 21 to transfer files
• Internet Message Access Protocol (IMAP) uses port 143 for
managing email
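A network ACL filtering on source IP address and port, as an added example that is not part of the original slides. It assumes first-match evaluation with an implicit deny at the end, which is common on packet filters but not stated on the slide; the addresses are documentation ranges and the rule sets are constructed. It also flags rules that can never fire because an earlier rule already covers them.

```python
import ipaddress
from typing import NamedTuple


class Rule(NamedTuple):
    action: str   # "allow" or "deny"
    src: str      # source network in CIDR notation
    proto: str
    ports: tuple  # inclusive (low, high) destination port range


def matches(rule, src_ip, proto, port):
    low, high = rule.ports
    return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src)
            and proto == rule.proto
            and low <= port <= high)


def evaluate(rules, src_ip, proto, port):
    """Return (action, index of the deciding rule); first match wins."""
    for index, rule in enumerate(rules):
        if matches(rule, src_ip, proto, port):
            return rule.action, index
    return "deny", None  # implicit deny: nothing matched


def shadowed(rules):
    """Indexes of rules fully covered by an earlier rule, so they never fire."""
    hidden = []
    for i, later in enumerate(rules):
        later_net = ipaddress.ip_network(later.src)
        for earlier in rules[:i]:
            if (earlier.proto == later.proto
                    and later_net.subnet_of(ipaddress.ip_network(earlier.src))
                    and earlier.ports[0] <= later.ports[0]
                    and later.ports[1] <= earlier.ports[1]):
                hidden.append(i)
                break
    return hidden


# Constructed rule set: block one host from FTP, allow the rest of the
# subnet to use FTP (ports 20-21) and IMAP (port 143).
GOOD = [
    Rule("deny", "192.0.2.66/32", "tcp", (20, 21)),
    Rule("allow", "192.0.2.0/24", "tcp", (20, 21)),
    Rule("allow", "192.0.2.0/24", "tcp", (143, 143)),
]

# Same rules with the first two swapped: the host-specific deny is now dead.
MISORDERED = [GOOD[1], GOOD[0], GOOD[2]]

if __name__ == "__main__":
    print(evaluate(GOOD, "192.0.2.66", "tcp", 21))
    print(evaluate(MISORDERED, "192.0.2.66", "tcp", 21))
    print("shadowed rules:", shadowed(MISORDERED))
```

Filtering on MAC address, which the slide also lists, is not modelled here.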
CAPABILITY-BASED SECURITY
• Oriented around the use of a token that controls access
• Based entirely on the possession of the token and not
who possesses it
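The difference between an identity-based ACL and a possession-based capability, as an added example that is not part of the original slides. The HMAC-signed token format, the key, the resource names and the function names are all assumptions made for illustration; the ACL reuses the Alice/Bob entries from the earlier slide. Because the check never asks who presents the token, the example includes the expiry and revocation controls a bearer token needs.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-key"  # constructed; a real key comes from a secret store
REVOKED = set()                   # ids of capabilities withdrawn before expiry

# Identity-based check: the ACL from the slide, default deny.
ACL = {"Alice": "allow", "Bob": "deny"}


def acl_allows(user):
    return ACL.get(user) == "allow"


def mint(token_id, resource, rights, expires_at):
    """Issue a capability: signed claims naming a resource and rights, no user."""
    body = json.dumps({"id": token_id, "res": resource,
                       "rights": sorted(rights), "exp": expires_at},
                      sort_keys=True).encode()
    tag = hmac.new(SECRET, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode() + "."
            + base64.urlsafe_b64encode(tag).decode())


def check(token, resource, right, now):
    """Decide on the token alone; there is deliberately no 'who' parameter."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:
        return False  # malformed token
    expected = hmac.new(SECRET, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False  # claims were altered or the token was not issued here
    claims = json.loads(body)
    return (claims["id"] not in REVOKED
            and claims["res"] == resource
            and right in claims["rights"]
            and now < claims["exp"])


def revoke(token_id):
    """Revoke access: every copy of the capability stops working."""
    REVOKED.add(token_id)


if __name__ == "__main__":
    token = mint("cap-1", "report.pdf", {"read"}, expires_at=200)
    # Whoever holds the token passes, even a party the ACL would deny.
    print("ACL lets Bob in:", acl_allows("Bob"))
    print("Token presented by Bob:", check(token, "report.pdf", "read", now=100))
    revoke("cap-1")
    print("After revocation:", check(token, "report.pdf", "read", now=100))
```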
ACCESS CONTROL MODELS
• Discretionary Access Control
• Mandatory Access Control
• Role-Based Access Control
• Attribute-Based Access Control
• Multi-level Access Control
DISCRETIONARY ACCESS CONTROL
• Model of access control based on access determined by
the owner of the resource.
• The owner can decide who does and does not have
access and what access they are allowed to have
MANDATORY ACCESS CONTROL
• Model of access control in which the owner of the resource
does not get to decide who gets to access it; instead,
access is decided by a group or individual who has the
authority to set access on resources.
• Example :
• Government organizations where access to a resource is dictated
by the sensitivity label applied to it (secret, top secret etc)
ROLE-BASED ACCESS CONTROL
• Model of access control in which access is set by an
authority responsible for doing so, and access is granted
on the basis of the role the individual holds.
ATTRIBUTE-BASED ACCESS CONTROL
• Model of access control based on attributes of a person,
a resource or the environment
• SUBJECT ATTRIBUTE
• Attributes that a person possesses
• Example :
• “You must be this tall to ride”
• Captcha – Completely Automated Public Turing Test to Tell Humans
and Computers Apart
ATTRIBUTE-BASED ACCESS CONTROL
• Model of access control based on attributes of a person,
a resource or the environment
• RESOURCE ATTRIBUTE
• Attributes that are related to a particular resource, like an OS or
application
• Example
• Software running on a particular OS
• Web site that works on a certain browser
ATTRIBUTE-BASED ACCESS CONTROL
• Model of access control based on attributes of a person,
a resource or the environment
• ENVIRONMENT ATTRIBUTE
• Attributes used to enable access controls that operate based on
environmental conditions
• Example
• Time attribute
MULTI-LEVEL ACCESS CONTROL
• Model of access control that uses two or more methods
to improve security of a resource
• Bell-LaPadula Model
• Biba Model
• Brewer and Nash
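Using two or more methods together, as an added example that is not part of the original slides: a request must pass a mandatory label check, a role check and an environment (time) check, and the decision reports which layer refused it. The label ordering (including "unclassified"), role table, resource names and business hours are assumptions; it reuses the Sales/HR scenario from the least-privilege slide and is not an implementation of Bell-LaPadula, Biba or Brewer and Nash.

```python
from datetime import time

# Mandatory layer: sensitivity labels set by an authority, not by the owner.
# "unclassified" and the numeric ordering are assumptions for this example.
LEVELS = {"unclassified": 0, "secret": 1, "top secret": 2}

# Role-based layer: permissions attach to roles, not to individuals.
ROLE_PERMISSIONS = {
    "sales": {("crm", "read"), ("crm", "write")},
    "hr": {("hr_records", "read"), ("hr_records", "write")},
}

# Attribute-based layer: an environment attribute (time of day).
BUSINESS_HOURS = (time(8, 0), time(18, 0))


def decide(subject, resource, action, at):
    """Return (allowed, refusing_layer). Every layer must agree to allow.

    The label check is a simple dominance test applied to any action;
    separate read/write rules are not modelled.
    """
    if LEVELS[subject["clearance"]] < LEVELS[resource["label"]]:
        return False, "mac"
    allowed_for_role = ROLE_PERMISSIONS.get(subject["role"], set())
    if (resource["name"], action) not in allowed_for_role:
        return False, "rbac"
    start, end = BUSINESS_HOURS
    if not (start <= at < end):
        return False, "abac"
    return True, None


# Constructed subjects and resources.
HR_RECORDS = {"name": "hr_records", "label": "secret"}
SALES_REP = {"name": "dana", "role": "sales", "clearance": "secret"}
HR_CLERK = {"name": "eli", "role": "hr", "clearance": "secret"}
HR_TEMP = {"name": "fay", "role": "hr", "clearance": "unclassified"}

if __name__ == "__main__":
    for who in (SALES_REP, HR_CLERK, HR_TEMP):
        print(who["name"], decide(who, HR_RECORDS, "read", time(10, 0)))
    print("after hours:", decide(HR_CLERK, HR_RECORDS, "read", time(22, 0)))
```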
PHYSICAL ACCESS CONTROL
• Concerned with controlling the access of individuals and
vehicles
• Access of individuals such as in and out of a building or
facility.
• TAILGATING occurs when we authenticate to the
physical control measure such as a badge and then
another person follows directly behind us without
authenticating themselves.
PHYSICAL ACCESS CONTROL
• For vehicles, simple barriers, one-way spike strips,
fences, rising barriers, automated gates or doors
Data security authorization and access control

  • 3. AUTHORIZATION
    • Specifies where a party should be allowed or denied access
    • Implemented through the use of access controls
    • Allowing access means keeping in mind the PRINCIPLE OF LEAST PRIVILEGE
  • 4. PRINCIPLE OF LEAST PRIVILEGE
    • Dictates that we should allow a party (a person, user account, or process) only the bare minimum of access it needs to perform the functionality required of it.
    • Example:
      • An employee in the Sales Dept. should not need access to data internal to a human resources system in order to do their job
  • 5. ACCESS CONTROL
    • The selective restriction of access to a place or other resource
    • BASIC TASKS
      • Allow access
      • Deny access
      • Limit access
      • Revoke access
  • 6. ACCESS CONTROL
    • ALLOW ACCESS
      • Giving a particular party, or parties, access to a given resource
    • DENY ACCESS
      • Preventing access by a given party to the resource in question
  • 7. ACCESS CONTROL
    • LIMIT ACCESS
      • Allowing some access to a resource but only up to a certain point
    • REVOKE ACCESS
      • Taking away access to a resource
  • 8. ACCESS CONTROL METHODS OF IMPLEMENTATION
    • Access Control List ( ACL )
    • Capability-Based Security
  • 9. ACCESS CONTROL METHODS USED FOR IMPLEMENTATION
    • Access Control List ( ACL )
      • Used to control access in the file systems on which operating systems run and to control the flow of traffic in the networks to which a system is attached.
      • Typically built for a specific resource, containing identifiers of the parties allowed to access the resource and what each party is allowed to do in relation to it.
      • Example entries:
        • Alice: Allow
        • Bob: Deny
  • 10. FILE SYSTEM ACL
    • Normally seen in file systems in operating systems to provide access to some files and folders.
    • PERMISSIONS
      • Read
      • Write
      • Execute
    • ACCESS PERMISSION GIVEN TO
      • User
      • Group
      • Others
  • 12. NETWORK ACL
    • IP address
    • MAC address
    • Ports
      • FTP uses ports 20 and 21 to transfer files
      • Internet Message Access Protocol (IMAP) uses port 143 for managing email
  • 13. CAPABILITY-BASED SECURITY
    • Oriented around the use of a token that controls access
    • Based entirely on the possession of the token and not on who possesses it
  • 14. ACCESS CONTROL MODELS
    • Discretionary Access Control
    • Mandatory Access Control
    • Role-Based Access Control
    • Attribute-Based Access Control
    • Multi-level Access Control
  • 15. DISCRETIONARY ACCESS CONTROL
    • Model of access control based on access determined by the owner of the resource.
    • The owner can decide who does and does not have access and what access they are allowed to have
  • 16. MANDATORY ACCESS CONTROL
    • Model of access control in which the owner of the resource does not get to decide who gets to access it; instead, access is decided by a group or individual who has the authority to set access on resources.
    • Example:
      • Government organizations where access to a resource is dictated by the sensitivity label applied to it (secret, top secret, etc.)
  • 17. ROLE-BASED ACCESS CONTROL
    • Model of access control in which access is set by an authority responsible for doing so, and access is granted on the basis of the role the individual holds.
  • 18. ATTRIBUTE-BASED ACCESS CONTROL
    • Model of access control based on attributes of a person, a resource or the environment
    • SUBJECT ATTRIBUTE
      • Attributes that a person possesses
      • Example:
        • “You must be this tall to ride”
        • CAPTCHA (Completely Automated Public Turing Test to Tell Humans and Computers Apart)
  • 19. ATTRIBUTE-BASED ACCESS CONTROL
    • Model of access control based on attributes of a person, a resource or the environment
    • RESOURCE ATTRIBUTE
      • Attributes related to a particular resource, such as an OS or application
      • Example:
        • Software running on a particular OS
        • Web site that works on a certain browser
  • 20. ATTRIBUTE-BASED ACCESS CONTROL
    • Model of access control based on attributes of a person, a resource or the environment
    • ENVIRONMENT ATTRIBUTE
      • Attributes used to enable access controls that operate based on environmental conditions
      • Example:
        • Time attribute
  • 21. MULTI-LEVEL ACCESS CONTROL
    • Model of access control that uses two or more methods to improve security of a resource
      • Bell-LaPadula Model
      • Biba Model
      • Brewer and Nash
  • 22. PHYSICAL ACCESS CONTROL
    • Concerned with controlling the access of individuals and vehicles
    • Access of individuals, such as in and out of a building or facility.
    • TAILGATING occurs when we authenticate to a physical control measure, such as with a badge, and another person then follows directly behind us without authenticating themselves.
  • 23. PHYSICAL ACCESS CONTROL
    • For vehicles: simple barriers, one-way spike strips, fences, rising barriers, automated gates or doors
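
Slide 10's user / group / others permissions, worked through as an added Python example (not part of the original slides): the check picks exactly one class for the caller and tests only that class's read, write or execute bit. The file, uids and gids are constructed sample values, and superuser overrides and extended ACLs are left out.

```python
import stat

# Permission bit for each (class, action) pair, from the standard stat module.
BITS = {
    "user":   {"read": stat.S_IRUSR, "write": stat.S_IWUSR, "execute": stat.S_IXUSR},
    "group":  {"read": stat.S_IRGRP, "write": stat.S_IWGRP, "execute": stat.S_IXGRP},
    "others": {"read": stat.S_IROTH, "write": stat.S_IWOTH, "execute": stat.S_IXOTH},
}

def permission_class(uid, gids, owner_uid, owner_gid):
    """Pick exactly one class for the caller: user, then group, then others."""
    if uid == owner_uid:
        return "user"
    if owner_gid in gids:
        return "group"
    return "others"

def is_allowed(mode, owner_uid, owner_gid, uid, gids, action):
    """Return True if the mode bits grant `action` to the caller's class."""
    cls = permission_class(uid, gids, owner_uid, owner_gid)
    return bool(mode & BITS[cls][action])

def describe(mode):
    """Render the nine permission bits as rwxrwxrwx text."""
    out = ""
    for cls in ("user", "group", "others"):
        for action, letter in (("read", "r"), ("write", "w"), ("execute", "x")):
            out += letter if mode & BITS[cls][action] else "-"
    return out

# Constructed sample: a payroll file owned by uid 1000, group 200 (hr).
PAYROLL = {"mode": 0o640, "owner_uid": 1000, "owner_gid": 200}

def check(uid, gids, action, f=PAYROLL):
    """Convenience wrapper: evaluate a request against one file record."""
    return is_allowed(f["mode"], f["owner_uid"], f["owner_gid"], uid, gids, action)

if __name__ == "__main__":
    print(describe(PAYROLL["mode"]))
    print("owner write:", check(1000, {200}, "write"))
    print("hr member write:", check(1001, {200}, "write"))
    print("sales user read:", check(1002, {300}, "read"))
    # Classes are exclusive: with mode 0o064 the owner is denied a read
    # that a caller in "others" would be granted.
    print("owner read, mode 064:", is_allowed(0o064, 1000, 200, 1000, {200}, "read"))
```

Because the owner class is checked first and never falls through, auditing a file's effective access means looking at the class a caller lands in, not at the most permissive bit set.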
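
Slides 9 and 13 side by side, as an added Python example that is not from the original slides: the ACL decides by looking up who is asking, while the capability check validates only the token presented. The class names, the HMAC-signed token format and the in-memory revocation set are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

class AclResource:
    """ACL: the resource keeps a list of identities and what each may do."""
    def __init__(self):
        self.acl = {}                                # party -> permitted actions

    def allow(self, party, *actions):
        self.acl[party] = set(actions)               # allow, limited to `actions`

    def revoke(self, party):
        self.acl.pop(party, None)                    # take the entry away

    def check(self, party, action):
        return action in self.acl.get(party, set())  # no entry means deny

class CapabilityResource:
    """Capability: access follows possession of an unforgeable token."""
    def __init__(self):
        self._key = secrets.token_bytes(32)          # known only to the resource
        self._revoked = set()

    def _tag(self, body):
        return hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()

    def issue(self, action):
        """Mint a token for `action`; it names no holder at all."""
        body = f"{action}:{secrets.token_hex(8)}"
        return f"{body}:{self._tag(body)}"

    def revoke(self, token):
        self._revoked.add(token)                     # the resource must track it

    def check(self, token, action):
        """Grant if the token is authentic, unrevoked and covers `action`."""
        body, _, tag = token.rpartition(":")
        authentic = hmac.compare_digest(tag.encode(), self._tag(body).encode())
        return authentic and token not in self._revoked and body.split(":")[0] == action

if __name__ == "__main__":
    files = AclResource()
    files.allow("alice", "read")
    print(files.check("alice", "read"), files.check("bob", "read"))
    vault = CapabilityResource()
    token = vault.issue("read")                      # handed to Alice
    print(vault.check(token, "read"))                # same answer if Bob presents it
    vault.revoke(token)
    print(vault.check(token, "read"))
```

The capability check takes no party argument, so a copied or leaked token carries the same access as the original; that is why such tokens need protected storage and a revocation path.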
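
The three attribute kinds from slides 18 to 20 combined in one decision, as an added Python example (not from the original slides). The policy, attribute names and the 08:00 to 18:00 window are constructed for illustration; a missing attribute counts as a failed condition.

```python
from datetime import time

# A policy is a list of (category, attribute, predicate) conditions.
# Every condition must hold for access to be granted.
HR_RECORDS_POLICY = [
    ("subject", "department", lambda v: v == "hr"),
    ("resource", "classification", lambda v: v in {"internal", "confidential"}),
    ("environment", "time", lambda v: time(8, 0) <= v < time(18, 0)),
]

def evaluate(policy, subject, resource, environment):
    """Return (granted, failures); failures names each unmet condition."""
    attrs = {"subject": subject, "resource": resource, "environment": environment}
    failures = []
    for category, name, predicate in policy:
        value = attrs[category].get(name)
        # A missing attribute is a failure, never an implicit pass.
        if value is None or not predicate(value):
            failures.append(f"{category}.{name}")
    return (not failures, failures)

if __name__ == "__main__":
    record = {"classification": "confidential"}
    # Constructed requests: (subject attributes, environment attributes).
    requests = [
        ({"department": "hr"}, {"time": time(10, 30)}),
        ({"department": "sales"}, {"time": time(10, 30)}),
        ({"department": "hr"}, {"time": time(23, 0)}),
        ({"department": "hr"}, {}),
    ]
    for subject, environment in requests:
        granted, failures = evaluate(HR_RECORDS_POLICY, subject, record, environment)
        print(subject, environment, "->", "allow" if granted else f"deny {failures}")
```

Returning the list of unmet conditions gives an audit log the reason for each denial, which is what makes attribute-based decisions reviewable after the fact.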