Lecture "On safety and security of information systems: Access control" provide students with knowledge about: Four parts of access control; Types of access control; Formal models of access control; . Please refer to the detailed content of the lecture! | ACCESS CONTROL Contents 1 What is Access Control 2 Four parts of access control 3 Types of access control 4 Formal Models of Access Control 1. What is Access Control Access control are methods used to restrict and allow access to certain items such as automobiles homes computers and even your smartphone. Access control is the process of protecting a resource so that it is used only by those allowed to use it. 2. Four-Part Access Control Identification Who is asking to access the asset Authentication Can the requestor s identity be verified Authorization What exactly can the requestor access And what can they do Accountability How can actions be traced to an individual We need to ensure that a person who accesses or makes changes to data or systems can be identified Authorization Policies The first step to controlling access is to create a policy that defines authorization rules. Authorization is the process of deciding who has access to which computer and network resources Authorization policy is based on job roles Authorization policy is based on each individual user Methods and Guidelines for Identification Identification Methods username smart card Biometric fingerprints face voice Identification Guidelines To ensure that all actions carried out in a computer system can be associated with a specific user each user must have a unique identifier Processes and Requirements for Authentication Authentication Types There are five types of authentication Knowledge Something you know such as a password passphrase or personal identification number PIN . Ownership Something you have such as a smart card key badge or token. Characteristics Some attribute that is unique to you such as your fingerprints retina or signature. Processes and Requirements for Authentication Authentication Types Location Somewhere you are such as your physical location when you attempt to access a resource Action Something you do or how you do it such as the way you type on a keyboard Policies .
