Security + Exam SY0-101 [MultiFormat]
eBook by Roger Lawson

eBook Category: Technology/Science/Reference
eBook Description: Great reference tool to use in preparing for the CompTIA Security + Exam SY0-101. Install it on your handheld and have it with you all the time.

eBook Publisher: MH Publishing
Fictionwise Release Date: March 2005

Access Control

Access control is a method of allowing and disallowing certain operations on a computer or network system. Two terms are used throughout this section in the context of access control:

--Subject: something or someone to which access is granted or denied, e.g. a user, application, or system process.

--Object: something to which access is granted or denied, e.g. a file, printer, application, or system process.

Discretionary Access Control (DAC)

A widely used access control model is Discretionary Access Control (DAC), in which a subject has complete control over the objects that it owns and the programs that it executes. For example, user Mary owns a file called mywork.doc. Mary allows mywork.doc to be read by the group Sales and allows no one else access to it.

A program executed by a user runs with the same permissions as that user. This means the security of the system depends on the applications being executed: when an application is compromised, every object the user can access is affected.

This makes DAC very vulnerable to Trojan horses. For example, suppose subject X has read and write access to object file1. Subject Y could write a program that creates a new object file2, grants subject X write access to it and subject Y read access, and copies the content of file1 to file2. Subject Y, the attacker, can disguise the program as legitimate software and send it to subject X. When subject X runs the program, the program has the same permissions as subject X and effectively exposes the content of file1 to subject Y. If an administrator executes the application, the attacker obtains maximum privileges, jeopardizing the security of the entire system.
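The following toy model replays the scenario just described, to make the underlying point concrete: under DAC every individual read and write is checked against the subject who launched the program, so each operation the copy program performs is legitimately permitted and the access checks alone can never notice that file1's content is flowing to Y. This is an added example, not code from the book; the subjects X and Y, the `DacSystem` class and the `copy_program` function are all constructed for illustration.

```python
"""Toy DAC model (added example, not from the book): owners decide the
ACLs of the objects they own, and a program runs with exactly the
permissions of the subject executing it."""
from dataclasses import dataclass, field


@dataclass
class DacObject:
    name: str
    owner: str
    content: str = ""
    # subject -> set of permissions; the owner always has full control
    acl: dict = field(default_factory=dict)


class DacSystem:
    def __init__(self) -> None:
        self.objects: dict[str, DacObject] = {}

    def create(self, subject: str, name: str, content: str = "") -> DacObject:
        obj = DacObject(name, owner=subject, content=content)
        obj.acl[subject] = {"read", "write"}
        self.objects[name] = obj
        return obj

    def grant(self, subject: str, name: str, target: str, perm: str) -> None:
        """Discretionary: only the owner may change an object's ACL."""
        obj = self.objects[name]
        if obj.owner != subject:
            raise PermissionError(f"{subject} does not own {name}")
        obj.acl.setdefault(target, set()).add(perm)

    def allowed(self, subject: str, name: str, perm: str) -> bool:
        return perm in self.objects[name].acl.get(subject, set())

    def read(self, subject: str, name: str) -> str:
        if not self.allowed(subject, name, "read"):
            raise PermissionError(f"{subject} may not read {name}")
        return self.objects[name].content

    def write(self, subject: str, name: str, data: str) -> None:
        if not self.allowed(subject, name, "write"):
            raise PermissionError(f"{subject} may not write {name}")
        self.objects[name].content = data


def copy_program(system: DacSystem, running_as: str, src: str, dst: str) -> None:
    """The program Y sends to X. DAC gives it no identity of its own:
    every check is made against `running_as`, the subject who ran it."""
    system.write(running_as, dst, system.read(running_as, src))


def trojan_scenario() -> dict:
    """Replay the book's scenario with constructed subjects X and Y."""
    system = DacSystem()
    system.create("X", "file1", "X's private data")   # X owns file1
    system.create("Y", "file2")                       # Y owns file2 ...
    system.grant("Y", "file2", "X", "write")          # ... and lets X write it

    # Y has no access to file1, and every later check passes on its own.
    y_direct = system.allowed("Y", "file1", "read")
    copy_program(system, running_as="X", src="file1", dst="file2")
    y_after = system.read("Y", "file2")               # Y now reads X's data
    return {"y_can_read_file1_directly": y_direct, "y_sees_via_file2": y_after}


if __name__ == "__main__":
    print(trojan_scenario())
```

Note that the model never has to be subverted: `grant` correctly refuses non-owners, and `read` and `write` correctly enforce the ACLs. The leak is a property of the model itself, which is why the next section turns to policies that the subjects cannot set for themselves.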

Mandatory Access Control (MAC)

In the Mandatory Access Control (MAC) model, the administrator maintains access control. The administrator defines a policy, which users cannot modify. This policy indicates which subject has access to which object. This access control model can increase the level of security, because it is based on a policy that does not allow any operation not specifically authorized.

In the original MAC model, access rights were granted according to numeric access levels: each subject has an access level, and each object is labeled with an access level. For example, the administrator has access level 65535, Mary has level 100, and Guest has level 1. There are two files: file1 has a level of 2 and file2 a level of 200. Only the administrator can access both files, Mary can access only file1, and Guest can access neither file1 nor file2. The access level of a user has to be equal to or higher than that of the object they want to access. Obviously, using this early MAC model alone, without discretionary access control, produces a problem: someone with level 2000 will be able to delete or alter all files with a lower level.

There is, however, a solution to this, as well as to the main vulnerability in DAC, called Multi-Level Security (MLS). MLS, typically used in military environments, implements an extra security layer for each object by using labels (e.g. "top secret", "secret", "confidential", and "unclassified"). In addition to the mechanisms described above, only users located in the same layer as an object, or a higher layer, can access it. This works on a "need to know" basis, known as the principle of least privilege: users can only access the objects they need in order to do their job.
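The checker below, an added example rather than code from the book, encodes both rules from the two preceding paragraphs: the numeric-level comparison of the original MAC model, then the MLS label layer on top of it. It runs the book's own subjects and files (administrator 65535, Mary 100, Guest 1; file1 at level 2, file2 at level 200) plus one constructed subject with level 2000 and no clearance, to show why numeric levels alone are not enough. The label ordering and the `can_write` rule go beyond the book's text: writes are confined to the subject's own layer, which is the property that stops a program run by a cleared user from copying labeled content into a lower-labeled file.

```python
"""Toy MAC / MLS checker (added example, not from the book). Numeric
levels follow the original MAC model; label layers follow the MLS
description; the write rule is an addition beyond the book's text."""
from dataclasses import dataclass

# Label layers from lowest to highest clearance (ordering assumed here).
LABELS = ["unclassified", "confidential", "secret", "top secret"]


@dataclass(frozen=True)
class Subject:
    name: str
    level: int                       # numeric access level
    clearance: str = "unclassified"  # MLS layer the subject is in


@dataclass(frozen=True)
class Obj:
    name: str
    level: int                       # numeric level the object is labeled with
    label: str = "unclassified"      # MLS layer of the object


def _rank(label: str) -> int:
    if label not in LABELS:
        raise ValueError(f"unknown label: {label}")
    return LABELS.index(label)


def level_allows(subject: Subject, obj: Obj) -> bool:
    """Original MAC rule: subject level must be equal to or higher than
    the object's level. Nothing else is checked."""
    return subject.level >= obj.level


def can_read(subject: Subject, obj: Obj) -> bool:
    """MLS adds a second layer: the subject must be in the same layer as
    the object or a higher one, on top of the numeric check."""
    return level_allows(subject, obj) and _rank(subject.clearance) >= _rank(obj.label)


def can_write(subject: Subject, obj: Obj) -> bool:
    """Addition beyond the book: a subject may only write objects in its
    own layer (readable, and not below its clearance), so content from a
    'secret' object cannot be copied into an 'unclassified' one."""
    return can_read(subject, obj) and _rank(obj.label) >= _rank(subject.clearance)


def access_matrix(subjects, objects) -> dict:
    """Return {(subject, object): (can_read, can_write)} for every pair."""
    return {(s.name, o.name): (can_read(s, o), can_write(s, o))
            for s in subjects for o in objects}


# The book's example values, plus one constructed subject (level 2000,
# no clearance) to show the weakness of the numeric model on its own.
ADMIN = Subject("administrator", 65535, "top secret")
MARY = Subject("Mary", 100, "confidential")
GUEST = Subject("Guest", 1)
LEVEL_2000 = Subject("level2000", 2000)
FILE1 = Obj("file1", 2)
FILE2 = Obj("file2", 200, "secret")


def numeric_only() -> dict:
    """Numeric levels alone: level 2000 reaches every file below it."""
    return {o.name: level_allows(LEVEL_2000, o) for o in (FILE1, FILE2)}


def with_labels() -> dict:
    """Same subjects once the MLS label layer is enforced as well."""
    return access_matrix([ADMIN, MARY, GUEST, LEVEL_2000], [FILE1, FILE2])


if __name__ == "__main__":
    print("numeric-only, level 2000:", numeric_only())
    for (who, what), (r, w) in sorted(with_labels().items()):
        print(f"{who:>14} -> {what}: read={r} write={w}")
```

With labels enforced, the level-2000 subject keeps access to the unclassified file1 but is shut out of the secret file2 despite its high number, and the administrator can read both files while `can_write` refuses to let "top secret" content be written down into either of them. Real MLS kernels express the same idea as policy constraints rather than hard-coded comparisons, but the two checks are the ones they evaluate.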

All pages of this site are Copyright © 2000- Fictionwise LLC.
Fictionwise (TM) is the trademark of Fictionwise LLC.
A Barnes & Noble Company