Access Control Fundamentals

In information security, access control is imperative to ensure confidentiality, integrity, and availability. Controlling who has access to a system and the breadth of access a user has is vital to ensure the security of systems and data on the systems. Read this article to understand the terms access control, access, subject, and resource. Note the challenges, the principles, the criteria, and the practices used in access control.

13. Access Control Techniques

13.3. Access Control Matrix

  • An access control matrix is a table of subjects and objects indicating what actions individual subjects can take upon individual objects.
  • The rights recorded in a subject's row are that subject's capabilities; the rights recorded in an object's column are that object's Access Control List (ACL).
  • A capability-based system uses a capability table to specify what a given subject may do to specific objects. A capability can take the form of a token, ticket, or key that the subject presents along with its request.
    • Each row of the matrix is a subject's capability list, and each column is the ACL for a given object.
    • Kerberos works along these lines: each user is issued a ticket, which the user presents as its capability when requesting access to a service.
  • An ACL is the list of subjects authorized to access a specific object, together with the level of access each is granted, at the individual and at the group level.
  • An ACL takes the values from one column of the access control matrix and binds them to that object.
  • Note: a capability table is bound to a subject, whereas an ACL is bound to an object. Which view a system stores determines what is cheap: an ACL answers "who can access this object?" directly, a capability list answers "what can this subject access?" directly, and revoking all access to an object means editing one ACL but every affected capability list.
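As an added worked example (not code from the original article), the following Python builds a small access control matrix and derives both views from it: a subject's capability list is its row, an object's ACL is its column, and an access check gives the same answer whichever view it consults. The subjects, objects, rights and group memberships are constructed for illustration, and the final function shows why revocation is easier on the ACL side.

```python
from typing import Dict, FrozenSet, Set

Rights = FrozenSet[str]
Matrix = Dict[str, Dict[str, Rights]]

# Constructed sample matrix: rows are subjects (users or groups), columns are
# objects, and each cell is the set of rights that subject holds on that
# object.  A missing cell means no rights at all.
MATRIX: Matrix = {
    "alice": {"payroll.db": frozenset({"read", "write"}),
              "report.pdf": frozenset({"read"})},
    "bob": {"report.pdf": frozenset({"read", "execute"})},
    "auditors": {"payroll.db": frozenset({"read"})},
}

# Constructed group membership, so that an ACL entry can be granted to a
# group and inherited by its members.
GROUPS: Dict[str, Set[str]] = {"auditors": {"carol"}}


def capability_list(matrix: Matrix, subject: str) -> Dict[str, Rights]:
    """One row of the matrix: everything this subject may do, keyed by object.
    This is the content a capability table (or a ticket) carries for the subject."""
    return dict(matrix.get(subject, {}))


def acl(matrix: Matrix, obj: str) -> Dict[str, Rights]:
    """One column of the matrix: every subject holding rights on this object.
    This is what is stored alongside the object."""
    return {subj: rights[obj] for subj, rights in matrix.items() if obj in rights}


def principals(user: str) -> Set[str]:
    """A user acts as itself plus every group it belongs to."""
    return {user} | {g for g, members in GROUPS.items() if user in members}


def allowed_by_capability(matrix: Matrix, user: str, obj: str, action: str) -> bool:
    """Subject-side check: consult the capability list of each of the caller's principals."""
    return any(action in capability_list(matrix, p).get(obj, frozenset())
               for p in principals(user))


def allowed_by_acl(matrix: Matrix, user: str, obj: str, action: str) -> bool:
    """Object-side check: consult the object's ACL for any of the caller's principals."""
    entries = acl(matrix, obj)
    return any(action in entries.get(p, frozenset()) for p in principals(user))


def revoke_object(matrix: Matrix, obj: str) -> Matrix:
    """Remove every right on one object (e.g. the file has been reclassified).
    On the ACL side this is dropping one column.  On the capability side the
    same change has to touch every subject's row, which is the classic
    revocation problem of capability systems.  Returns a new matrix."""
    return {subj: {o: r for o, r in rights.items() if o != obj}
            for subj, rights in matrix.items()}


def views_agree(matrix: Matrix) -> bool:
    """Both views are projections of one table, so every check must agree."""
    users = set(matrix) | {u for members in GROUPS.values() for u in members}
    objects = {o for rights in matrix.values() for o in rights}
    actions = {"read", "write", "execute"}
    return all(allowed_by_acl(matrix, u, o, a) == allowed_by_capability(matrix, u, o, a)
               for u in users for o in objects for a in actions)


if __name__ == "__main__":
    print("alice capabilities:", capability_list(MATRIX, "alice"))
    print("payroll.db ACL:", acl(MATRIX, "payroll.db"))
    print("carol reads payroll via group:", allowed_by_acl(MATRIX, "carol", "payroll.db", "read"))
    print("views agree:", views_agree(MATRIX))
```

Group resolution is done on the subject side in both checks: a request from carol is evaluated as coming from {carol, auditors}, which is how group-level ACL entries take effect without copying rights into every member's row.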