
Access Control Models

Access control models are crucial in information security to regulate who can access specific data and resources, ensuring the confidentiality, integrity, and availability of information.

Discretionary Access Control (DAC) is a model where the owner of an information resource (e.g., a file, database entry, or document) determines who can access it and specifies the level of access (e.g., read, write, or execute).

  • DAC provides flexibility in sharing information but can introduce risks if permissions are not carefully managed, such as unauthorized propagation of access rights.
  • The control is “discretionary” because the owner has complete authority over resource sharing.
  • In DAC, access is granted based on user identities and permissions assigned by the owner.

Example

  • A researcher in a university controls access to a sensitive report by allowing only trusted colleagues to edit it while granting others read-only access.
  • If one of the trusted colleagues shares their access rights with an unauthorized person, the system cannot prevent this.

Role-Based Access Control (RBAC) is a model where access to information resources is granted based on predefined roles that users are assigned. These roles are linked to specific permissions needed for their responsibilities, ensuring a structured and secure access mechanism.

  • RBAC enforces the principle of least privilege by restricting users to only the resources necessary for their role.
  • Users are assigned one or more roles, and each role has predefined permissions.
  • It simplifies access management in large organizations, reducing the risk of human error in assigning permissions.

Example

  • In a financial institution, a “Teller” role might have access to customer account details and the ability to process transactions but no access to financial audits, which are restricted to users with the “Auditor” role.

Attribute-Based Access Control (ABAC) is a dynamic access control model that uses policies based on attributes associated with users, resources, and the environment to determine access rights.

  • ABAC enables fine-grained and context-aware access control, improving security by adapting to varying conditions and requirements.
  • It aligns well with complex environments, such as cloud computing or IoT, where static roles or owner-based controls are insufficient.
  • It is more flexible than DAC and RBAC because it adapts to dynamic contexts.

Example

  • A hospital’s information system allows access to patient records only to physicians who are on duty, physically present in the hospital, and assigned to the specific patient’s case. This policy prevents unauthorized access even by other physicians.
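The RBAC and ABAC examples above, worked through in code as an added illustration (not from the original page): the same physician request is evaluated first by role alone and then against the hospital policy's subject, resource and environment attributes. Names, the "patient_record:read" permission strings and the `request_location` environment attribute are assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed example: RBAC decides on the role only; ABAC layers on-duty status,
# request location and case assignment on top, and reports which attribute failed.

ROLE_PERMISSIONS = {
    "physician": {"patient_record:read", "patient_record:write"},
    "nurse": {"patient_record:read"},
}

@dataclass
class Subject:
    name: str
    roles: frozenset
    on_duty: bool = False                       # subject attribute
    assigned_patients: frozenset = frozenset()  # subject attribute

@dataclass
class Resource:
    kind: str
    patient_id: str                             # resource attribute

def rbac_allows(subject: Subject, action: str, resource: Resource) -> bool:
    """RBAC: allow if any of the subject's roles carries the permission."""
    needed = f"{resource.kind}:{action}"
    return any(needed in ROLE_PERMISSIONS.get(role, set()) for role in subject.roles)

def abac_decide(subject: Subject, action: str, resource: Resource, env: dict) -> tuple:
    """ABAC: combine subject, resource and environment attributes.
    Returns (allowed, reason) so every denial can be audited."""
    if not rbac_allows(subject, action, resource):
        return False, "role lacks permission"
    if not subject.on_duty:
        return False, "physician not on duty"
    if env.get("request_location") != "hospital":
        return False, "request not from inside the hospital"
    if resource.patient_id not in subject.assigned_patients:
        return False, "physician not assigned to this patient's case"
    return True, "all policy attributes satisfied"

if __name__ == "__main__":
    record = Resource("patient_record", "P-100")
    alice = Subject("alice", frozenset({"physician"}), True, frozenset({"P-100"}))
    bob = Subject("bob", frozenset({"physician"}), False, frozenset({"P-100"}))
    inside = {"request_location": "hospital"}
    print(rbac_allows(bob, "read", record))          # True: RBAC only sees the role
    print(abac_decide(bob, "read", record, inside))  # (False, 'physician not on duty')
    print(abac_decide(alice, "read", record, inside))  # (True, 'all policy attributes satisfied')
```

Because the reason string names the failing attribute, the same function doubles as an audit source for investigating denied or unexpectedly granted access.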
