Secure Application Development

Access control

Learning objectives

Understand

  • the model underlying common access control techniques
  • the best-known access control policy models such as Discretionary Access Control (DAC), Mandatory Access Control (MAC) and Role Based Access Control (RBAC)
  • the implementation mechanisms for access control, such as Access Control Lists (ACL) and Capabilities.

Overview

This module starts with the detailed description of the goals of an access contol system. The concepts fundamental to the model common to most access control techniques are discussed:

  • object,
  • subject,
  • reference monitor,
  • protection domain,
  • policy.
Next, common policy models are reviewed in detail, and compared:
  • Discretionary Access Control (DAC),
  • Mandatory Access Control (MAC) and
  • Role Based Access Control (RBAC) .
The need for representations of access control policies that may be automatically enforced by the reference monitor is discussed with particular reference to the forms which are currently most popular :
  • Access Control Lists (ACL) and
  • capabilities.

PDF slides

Partners:
Solvay Business School K.U. Leuven L-SEC
Sponsors:
ENISA Atos Worldline
Affiliates:
SANS OWASP ISSA-BE ISACA Belux
webmaster Login Creative Commons License
Contents of the secappdev.org web site
is licensed under a
Creative Commons
Attribution-Noncommercial 3.0 License.