Overview of Mandatory, Discretionary, Role and Rule Based Access Control Models
One of the key foundations of a comprehensive IT security strategy involves implementing an appropriate level of access control to all computer systems in an organization or enterprise. This tutorial will provide an overview of four types of access control.
- Mandatory Access Control
- Discretionary Access Control
- Rule-Based Access Control
- Role-Based Access Control
An Overview of Access Control
The term Access Control is something of an equivocal term. To some it could be interpreted as controlling the access to a system from an external source (for instance controlling the login procedure by means of which users gain access to a server or desktop system). Such access control is actually referred to as Authentication or Identity Verification and is not what is meant by Access Control in this context.
The term Access Control actually refers to the control over access to system resources after a user's account credentials and identity have been authenticated and access to the system granted. For example, a particular user, or group of users, might only be permitted access to certain files after logging into a system, while simultaneously being denied access to all other resources.
Mandatory Access Control
Access to an object is restricted based on the sensitivity of the object (defined by the label that is assigned to it), and granted only through an authorization (clearance) to access that level of data. Mandatory Access Control (MAC) was designed for, and is still used primarily by, government.
MAC takes a hierarchical approach to controlling access to resources. In a MAC-enforced environment, access to every resource object (such as a data file) is governed by settings defined by the system administrator, and the operating system enforces those settings strictly. It is not possible under MAC enforcement for users to change the access control of a resource.
Mandatory access control is a nondiscretionary control, also known as multilevel security. You classify all users and resources and assign a security label to each classification. An access request is denied if the requestor's security label does not dominate (that is, is not at least as high as) the security label of the resource.
Access is granted to the user if his or her clearance is equal to or higher than the classification of the resource he or she wishes to access. MAC techniques reduce the need for you to maintain ACLs because the access decision logic is built into the classification hierarchy.
Mandatory Access Control is by far the most secure access control environment but does not come without a price. Firstly, MAC requires a considerable amount of planning before it can be effectively implemented. Once implemented it also imposes a high system management overhead due to the need to constantly update object and account labels to accommodate new data, new users and changes in the categorization and classification of existing users.
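The dominance check described above, as an added example that is not part of the tutorial: labels carry a level and, going slightly beyond the purely hierarchical description here, an optional set of compartments (a subject must hold every compartment the object carries); only the administrator may assign labels or clearances. All names, levels and file names are constructed for the example.

```python
from dataclasses import dataclass, field

# Ordered sensitivity levels; higher number = more sensitive (constructed).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = field(default_factory=frozenset)  # compartments

    def dominates(self, other: "Label") -> bool:
        # Equal-or-higher level AND every compartment the object carries.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

class MacSystem:
    ADMIN = "sysadmin"  # the only principal allowed to set labels
    def __init__(self) -> None:
        self.clearances: dict[str, Label] = {}  # subject -> clearance
        self.labels: dict[str, Label] = {}      # object  -> classification

    def _require_admin(self, actor: str) -> None:
        # Users cannot change MAC settings, not even on data they created.
        if actor != self.ADMIN:
            raise PermissionError(f"{actor} may not change MAC labels")
    def set_clearance(self, actor: str, subject: str, lab: Label) -> None:
        self._require_admin(actor)
        self.clearances[subject] = lab
    def set_label(self, actor: str, obj: str, lab: Label) -> None:
        self._require_admin(actor)
        self.labels[obj] = lab
    def can_access(self, subject: str, obj: str) -> bool:
        # Unlabelled subjects or objects are denied; no ACL is consulted.
        if subject not in self.clearances or obj not in self.labels:
            return False
        return self.clearances[subject].dominates(self.labels[obj])

def demo() -> dict[str, bool]:
    mac, admin = MacSystem(), MacSystem.ADMIN
    mac.set_clearance(admin, "alice", Label("SECRET", frozenset({"NUCLEAR"})))
    mac.set_clearance(admin, "bob", Label("TOP SECRET"))
    mac.set_label(admin, "plan.txt", Label("SECRET", frozenset({"NUCLEAR"})))
    mac.set_label(admin, "memo.txt", Label("CONFIDENTIAL"))
    return {
        "alice:plan": mac.can_access("alice", "plan.txt"),  # True
        "alice:memo": mac.can_access("alice", "memo.txt"),  # True: SECRET >= CONFIDENTIAL
        "bob:plan": mac.can_access("bob", "plan.txt"),      # False: lacks NUCLEAR compartment
        "bob:memo": mac.can_access("bob", "memo.txt"),      # True
    }
```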
Discretionary Access Control
Unlike Mandatory Access Control (MAC) where access to system resources is controlled by the operating system (under the control of a system administrator), Discretionary Access Control (DAC) allows each user to control access to their own data. DAC is typically the default access control mechanism for most desktop operating systems.
With DAC, an access control list (ACL) is maintained that lists the users with access and what type of access they have. ACLs can be stored as part of the file, in a separate file, or in a database. An ACL contains a list of the users and groups to which the owner has granted access, together with the level of access for each user or group. For example, User A may provide read-only access on one of her files to User B, read and write access on the same file to User C and full control to any user belonging to Group 1.
You need to be aware of the many risks associated with DAC. These risks are inherent because there is no centralized administration, as each file owner controls the access level to his or her own files. Some owners might not be security-conscious, and as a result they might either inadvertently or intentionally allow all users to modify any file they own. Some of the risks that you must be aware of and will have to mitigate include the following:
- Software might be executed or updated by unauthorized personnel.
- Confidential information might be accidentally or deliberately compromised by users who are not intended to have access.
- Auditing of file and resource accesses might be difficult.
The assumption of DAC is that the owner or administrator of the information has the knowledge, skill, and ability to limit access appropriately and control who can see or work with the information.
Discretionary Access Control provides a much more flexible environment than Mandatory Access Control but also increases the risk that data will be made accessible to users that should not necessarily be given access.
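The User A / User B / User C / Group 1 example above, worked as added code that is not part of the tutorial: the file owner holds full control and hands out rights at his or her discretion, the system enforces whatever the owner chose, and a small audit helper shows how group and "everyone" entries widen the set of writers. User names, group memberships and the file path are constructed.

```python
# Rights a principal can hold on a file; "change_acl" is what makes it discretionary.
FULL = frozenset({"read", "write", "change_acl"})

class DacSystem:
    def __init__(self, groups: dict[str, set[str]]) -> None:
        self.groups = groups  # user -> group names (constructed; the OS supplies this)
        self.acls: dict[str, dict[str, frozenset]] = {}  # file -> principal -> rights

    def create(self, owner: str, path: str) -> None:
        # A new file's ACL names only its owner, with full control.
        self.acls[path] = {owner: FULL}

    def _principals(self, user: str) -> set[str]:
        # A user matches ACL entries for itself, its groups and "everyone".
        return {user, "everyone"} | self.groups.get(user, set())

    def has_right(self, user: str, path: str, right: str) -> bool:
        acl = self.acls.get(path, {})
        return any(right in acl.get(p, ()) for p in self._principals(user))

    def grant(self, actor: str, path: str, principal: str, rights) -> None:
        # Discretionary: whoever holds change_acl (the owner by default) decides;
        # the system does not review whether the choice is sensible.
        if not self.has_right(actor, path, "change_acl"):
            raise PermissionError(f"{actor} may not change the ACL of {path}")
        self.acls[path][principal] = frozenset(rights)

    def who_can(self, path: str, right: str, all_users) -> set[str]:
        # Audit helper: expanding groups and "everyone" is what makes DAC
        # review harder than reading a single ACL entry.
        return {u for u in all_users if self.has_right(u, path, right)}

def demo() -> dict[str, set[str]]:
    users = ["userA", "userB", "userC", "carol", "dave", "outsider"]
    dac = DacSystem(groups={"carol": {"group1"}, "dave": {"group1"}})
    f = "/home/userA/budget.xlsx"
    dac.create("userA", f)
    dac.grant("userA", f, "userB", {"read"})           # read-only
    dac.grant("userA", f, "userC", {"read", "write"})  # read and write
    dac.grant("userA", f, "group1", FULL)              # full control via group
    before = dac.who_can(f, "write", users)
    # The risk described above: a careless owner opens the file to everyone.
    dac.grant("userA", f, "everyone", {"write"})
    return {"before": before, "after": dac.who_can(f, "write", users)}
```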
Role Based Access Control
In role-based access control, information is categorized according to subject matter, which might reflect some sensitivity criteria inherent in the environment. Persons and processes are identified for access to the information by the role they play within the enterprise. For example, people in the budget department could access and use sensitive budget data, whereas people in other parts of the enterprise would be denied access to such information.
Essentially, RBAC assigns permissions to particular roles in an organization. Users are then assigned to that particular role. For example, an accountant in a company will be assigned to the Accountant role, gaining access to all the resources permitted for all accountants on the system. Similarly, a software engineer might be assigned to the developer role.
RBAC is an alternative to DAC and MAC, giving you the ability to specify and enforce enterprise-specific security policies in a way that maps naturally to an organization's structure. Each user is assigned one or more roles, and each role is assigned one or more privileges that are given to users in that role. You can assign a collection of users to a single role. For example, you might assign an administrative role to one or more system administrators responsible for maintaining your enterprise server.
Roles are mapped to a particular resource or to a particular user group. When a role is mapped to a resource, the resource name in the role definition is checked against the requested resource to determine whether the operation may proceed. When a role is mapped to a group, the role's group is compared with the group associated with the resource to determine whether the operation is permitted to proceed. Such role-based access control requires that a list of roles be maintained and that mappings from role to user or user group be established.
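Added example, not part of the tutorial: permissions are attached to roles, users are assigned roles, and the access check asks whether any of the user's roles carries a matching permission, so changing a role's permissions changes every member at once. The role names, the "prefix/*" resource pattern and the users are assumptions of this example.

```python
class Rbac:
    def __init__(self) -> None:
        self.role_perms: dict[str, set[tuple[str, str]]] = {}  # role -> {(action, resource)}
        self.user_roles: dict[str, set[str]] = {}             # user -> roles

    def define_role(self, role: str, perms) -> None:
        # Permissions live on the role, never on the user. A resource of the
        # form "ledger/*" covers everything under that prefix (assumed syntax).
        self.role_perms[role] = set(perms)

    def assign(self, user: str, role: str) -> None:
        if role not in self.role_perms:
            raise KeyError(f"unknown role {role!r}")  # no ad-hoc roles
        self.user_roles.setdefault(user, set()).add(role)

    @staticmethod
    def _covers(pattern: str, resource: str) -> bool:
        if pattern.endswith("/*"):
            return resource.startswith(pattern[:-1])
        return pattern == resource

    def permitted(self, user: str, action: str, resource: str) -> bool:
        # Allowed if any of the user's roles carries a matching permission.
        for role in self.user_roles.get(user, set()):
            for act, pat in self.role_perms.get(role, set()):
                if act == action and self._covers(pat, resource):
                    return True
        return False

    def users_with(self, action: str, resource: str) -> set[str]:
        # Review question an auditor asks: who can do X to Y?
        return {u for u in self.user_roles if self.permitted(u, action, resource)}

def demo() -> dict[str, bool]:
    rbac = Rbac()
    rbac.define_role("accountant", {("read", "ledger/*"), ("write", "ledger/*")})
    rbac.define_role("developer", {("read", "repo/*"), ("write", "repo/*")})
    rbac.define_role("sysadmin", {("restart", "server/*"), ("read", "logs/*")})
    rbac.assign("ann", "accountant")
    rbac.assign("dev1", "developer")
    rbac.assign("dev1", "sysadmin")  # one user, two roles
    # Changing the role changes every member at once: drop developers' write.
    rbac.define_role("developer", {("read", "repo/*")})
    return {
        "ann_ledger_write": rbac.permitted("ann", "write", "ledger/2024.csv"),  # True
        "ann_repo_read": rbac.permitted("ann", "read", "repo/main"),            # False
        "dev1_repo_write": rbac.permitted("dev1", "write", "repo/main"),        # False after change
        "dev1_restart": rbac.permitted("dev1", "restart", "server/web01"),      # True
    }
```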
Rule Based Access Control
Rule Based Access Control (RBAC) introduces acronym ambiguity by using the same four-letter abbreviation (RBAC) as Role Based Access Control.
Under Rule-Based Access Control, access is allowed or denied to resource objects based on a set of rules defined by a system administrator. As with Discretionary Access Control, access properties are stored in Access Control Lists (ACLs) associated with each resource object. When a particular account or group attempts to access a resource, the operating system checks the rules contained in the ACL for that object.
Examples of Rule-Based Access Control include situations such as permitting access for an account or group to a network connection only at certain hours of the day or on certain days of the week.
As with MAC, access control cannot be changed by users. All access permissions are controlled solely by the system administrator.
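Added example, not part of the tutorial: a per-resource rule list that only the administrator may edit, evaluated with day-of-week and time-of-day conditions as in the network-connection example above. The deny-overrides ordering, the group names and the timestamps are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class Rule:
    principal: str                          # user, group, or "any"
    effect: str                             # "allow" or "deny"
    days: frozenset = frozenset(range(7))   # 0 = Monday ... 6 = Sunday
    start: time = time(0, 0)                # inclusive window start
    end: time = time(23, 59, 59)            # inclusive window end

    def matches(self, user: str, groups: set[str], when: datetime) -> bool:
        return (self.principal in {user, "any"} | groups
                and when.weekday() in self.days
                and self.start <= when.time() <= self.end)
WEEKDAYS = frozenset(range(5))

class RuleBasedAcl:
    ADMIN = "sysadmin"
    def __init__(self) -> None:
        self.rules: dict[str, list[Rule]] = {}  # resource -> rules (the ACL)
    def add_rule(self, actor: str, resource: str, rule: Rule) -> None:
        # Only the administrator writes rules; users cannot change them.
        if actor != self.ADMIN:
            raise PermissionError(f"{actor} may not edit rules for {resource}")
        self.rules.setdefault(resource, []).append(rule)
    def decide(self, user: str, groups: set[str], resource: str, when: datetime) -> bool:
        # Deny-overrides (assumed policy): any matching deny wins, then any
        # matching allow, otherwise the default is deny.
        hits = [r for r in self.rules.get(resource, []) if r.matches(user, groups, when)]
        if any(r.effect == "deny" for r in hits):
            return False
        return any(r.effect == "allow" for r in hits)

def demo() -> dict[str, bool]:
    acl, admin, vpn = RuleBasedAcl(), RuleBasedAcl.ADMIN, "net/vpn"
    # Staff may use the VPN on weekdays 08:00-18:00; contractors never on Friday.
    acl.add_rule(admin, vpn, Rule("staff", "allow", WEEKDAYS, time(8, 0), time(18, 0)))
    acl.add_rule(admin, vpn, Rule("contractors", "deny", frozenset({4})))
    acl.add_rule(admin, vpn, Rule("contractors", "allow", WEEKDAYS, time(9, 0), time(17, 0)))
    mon_10 = datetime(2024, 6, 3, 10, 0)   # Monday (constructed timestamps)
    fri_10 = datetime(2024, 6, 7, 10, 0)   # Friday
    mon_20 = datetime(2024, 6, 3, 20, 0)   # Monday evening
    return {
        "alice_mon_10": acl.decide("alice", {"staff"}, vpn, mon_10),    # True
        "alice_mon_20": acl.decide("alice", {"staff"}, vpn, mon_20),    # False: after hours
        "bob_fri_10": acl.decide("bob", {"contractors"}, vpn, fri_10),  # False: deny wins
        "bob_mon_10": acl.decide("bob", {"contractors"}, vpn, mon_10),  # True
    }
```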