CS406: Information Security, Topic: Unit 4: Access Control Mechanisms

Unit 4: Access Control Mechanisms
Access control is a system that enables an authority to control access to areas and resources in a given physical facility or computer-based information system. In this unit, we will explore the access control mechanisms for user authorization. By the means of access control, appropriate authorization to information is provided to different entities in an organization. The common mechanisms include discretionary access control (DAC) and role-based access control (RBAC). We look into each of these in the context of their current usage in a typical enterprise.

Completing this unit should take you approximately 7 hours.
- Unit 4 Learning Outcomes Page
- 4.1: Authentication
  - Open Web Application Security Project: "Authentication" URL
    Read this chapter about authentication, a process of determining if a user or entity is who he/she claims to be.
- 4.2: Access Control and Authorization
  - Open Web Application Security Project: "Access Control and Authorization" URL
    Read this chapter about discretionary access control (DAC) and role-based access control (RBAC), a technical means for controlling access to computer resources.
- 4.3: Role-Based Access Control
  - National Institute of Standards and Technology: "An Introduction to Role-Based Access Control" URL
    Read this page about role-based access control (RBAC), a technical means for controlling access to computer resources.
- 4.4: Role-Based Access Control and Role Graph Model
  - Purdue University: Sylvia Osborn's "The Role Graph Model and Its Extensions" Page
    Watch this video about techniques used in context of Role-Based Access Control mechanism.