Tuesday, October 16, 2012

Cyberspace and Cybersecurity: Archive Post 4

As of the start of this blog, I am in my second course for my Masters of Science in Cybersecurity. This is an archived posting from the first course.

Topic - Access Control Models
For each access control model (RBAC, DAC and MAC), describe the environment in which that model would work best. Provide examples.
From February 24, 2012.

Discretionary access control is useful in a shared user environment like a Unix system to provide file permissions. “In DAC, generally the resource owner (a user) controls who has access to a resource” (IBM, 2012). This allows each user to share the files they wish to while still keeping others private.

Role-based access control works well for situations where a system is shared among various groups but individual users do not need personal privacy. A timekeeping and point-of-sale system at a restaurant is a good example of this, like the one used at the Big Boy I worked at in high school. Access to clock in and out was provided to all employees, but the rest of the system was denied to the kitchen staff. Servers, hosts, and managers all had access to order submission, while only managers had access to remove orders and pull daily statistics.

Mandatory access control reserves the definition of security policy for a policy administrator. Security takes precedence over usability because MAC models “attempt to prevent transfer of information that is not allowed by the rules” (Goodrich & Tamassia, 2011). Trade secrets or national security information are good targets for this type of access control because more harm can come from unauthorized access than from inconveniences in sharing between authorized parties.
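The three models side by side, as an added example that is not part of the original post: the sketch shows who is allowed to decide access in each case. The user names, permission names and sensitivity levels are constructed, and the MAC part assumes a simple ordered-label rule (Bell-LaPadula style) as one possible administrator-defined policy.

```python
# Added illustration; all names and sample data below are constructed.

# --- DAC: the resource owner decides who else gets access ---
class DacFile:
    def __init__(self, owner):
        self.owner = owner
        self.acl = {owner: {"read", "write"}}   # owner starts with full access

    def grant(self, granter, user, perm):
        if granter != self.owner:               # only the owner may share
            raise PermissionError("only the owner can change the ACL")
        self.acl.setdefault(user, set()).add(perm)

    def allowed(self, user, perm):
        return perm in self.acl.get(user, set())

# --- RBAC: permissions attach to roles, users only hold roles ---
# Mirrors the restaurant system described above.
ROLE_PERMS = {
    "kitchen": {"clock"},
    "server":  {"clock", "submit_order"},
    "host":    {"clock", "submit_order"},
    "manager": {"clock", "submit_order", "remove_order", "daily_stats"},
}

def rbac_allowed(role, perm):
    return perm in ROLE_PERMS.get(role, set())

# --- MAC: a central policy compares labels; owners cannot override it ---
LEVELS = {"public": 0, "confidential": 1, "secret": 2}  # assumed labels

def mac_can_read(subject_clearance, object_label):
    # "No read up": the subject's clearance must dominate the object's label.
    return LEVELS[subject_clearance] >= LEVELS[object_label]

def mac_can_write(subject_clearance, object_label):
    # "No write down": blocks copying high data into a lower-labelled object.
    return LEVELS[subject_clearance] <= LEVELS[object_label]

if __name__ == "__main__":
    notes = DacFile(owner="alice")
    notes.grant("alice", "bob", "read")
    print(notes.allowed("bob", "read"), notes.allowed("bob", "write"))
    print(rbac_allowed("kitchen", "submit_order"), rbac_allowed("manager", "daily_stats"))
    print(mac_can_read("confidential", "secret"), mac_can_write("secret", "public"))
```

Note that the MAC write rule denies a "secret" subject writing to a "public" object even though that subject can read it, which is the inconvenience between authorized parties that the model accepts in exchange for blocking information transfer.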


Goodrich, M. T., & Tamassia, R. (2011). Introduction to Computer Security. Boston, MA: Pearson.

IBM (2012). Access control: MAC and DAC. Retrieved from http://publib.boulder.ibm.com/infocenter/lnxinfo/v3r0m0/index.jsp?topic=%2Fliaai%2Fselinux%2Fliaaiselinuxmacdac.htm
