SlideShare a Scribd company logo

Information Security (Protection Model _ Access Control ).pdf

F
faiziikanwal47

The document discusses various protection models in information security, focusing on access control mechanisms that regulate how users access system resources. It details different types of access control models, including mandatory, discretionary, role-based, attribute-based, and rule-based control, describing their unique principles and applications. Organizations can choose a model or a combination based on their specific security needs and risk tolerance.

Environment
1 of 17
Download to read offline
1
2
3
Most read
4
Most read
5
Most read
6
7
8
9
10
11
12
13
14
15
16
17
Information Security Protection Model Access Control Model
Protection Models • In information security, protection models refer to the various methods and techniques used to protect systems and data from unauthorized access, use, disclosure, disruption, modification, or destruction. • Here are some common protection models:
Protection Models cont… 1. Access Control Model 2. Confidentiality Model 3. Integrity Model 4. Availability Model 5. Defense in Depth Model 6. Least Privilege Model 7. Principle of Least Astonishment (POLA) Model
Protection Models cont… Access Control Model • The Access Control Model is a security model that governs how users are granted access to system resources and data. • It determines the mechanisms and rules for authentication, authorization, and accounting (AAA) in order to enforce proper access controls. • The goal of the Access Control Model is to ensure that only authorized individuals or processes are allowed to access specific resources or perform certain actions within a system.
Protection Models cont… Access Control Model • There are several types of Access Control Models, including: 1. Mandatory Access Control (MAC) 2. Discretionary Access Control (DAC) 3. Role-Based Access Control (RBAC) 4. Attribute-Based Access Control (ABAC) 5. Rule-Based Access Control (RBAC)
Protection Models cont… Access Control Model: Mandatory Access Control (MAC) • This model assigns security labels (e.g., security classifications or levels) to both users and system resources. • Access decisions are based on the labels and predefined access rules, which are typically enforced by the operating system or security software.
Protection Models cont… Access Control Model: Mandatory Access Control (MAC)
Protection Models cont… Access Control Model: Discretionary Access Control (DAC) • In this model, access control decisions are left to the discretion of the resource owner. • Each resource has an associated Access Control List (ACL) that specifies the permissions granted to individual users or groups.
Protection Models cont… Access Control Model: Discretionary Access Control (DAC)
Protection Models cont… Access Control Model: Discretionary Access Control (DAC)
Protection Models cont… Access Control Model: Role-Based Access Control (RBAC) • RBAC is based on the concept of roles. • Users are assigned specific roles, and permissions are assigned to these roles rather than to individual users. • This simplifies administration and enables more efficient management of access controls.
Protection Models cont… Access Control Model: Role-Based Access Control (RBAC)
Protection Models cont… Access Control Model: Role-Based Access Control (RBAC)
Protection Models cont… Access Control Model: Attribute-Based Access Control (ABAC) • ABAC takes into account various attributes or characteristics of users, resources, and the environment to make access control decisions. • Attributes such as user roles, time of access, location, and data classification can be considered when determining access permissions.
Protection Models cont… Access Control Model: Attribute-Based Access Control (ABAC)
Protection Models cont… Access Control Model: Rule-Based Access Control (RBAC) • RBAC uses a set of predefined rules to determine access permissions. • These rules are based on conditions or criteria specified in policies and are evaluated to determine whether access should be granted or denied.
Protection Models cont… Access Control Model • Each Access Control Model has its own advantages and is suitable for different security requirements and environments. • Organizations may choose to implement one or a combination of these models based on their specific needs and risk tolerance.

More Related Content

PPTX
Group 5 computer security and terms.pptx
GilbertMashawi1
 
PPTX
Access Control in internet and computer science.pptx
moromoro8
 
PPTX
Lecture-12-ACL_information_Security.pptx
homecooking511
 
PDF
S5-Authorization
zakieh alizadeh
 
PPTX
Least privilege, access control, operating system security
Prachi Gulihar
 
PPTX
unit 5 in the database for master of Engineering
poonkodiraja2806
 
PPTX
484444398-Chapter-11-Access-Control-Fundamentals.pptx
someoneelse1981
 
PDF
Access Control Fundamentals
Setiya Nugroho
 
Group 5 computer security and terms.pptx
GilbertMashawi1
 
Access Control in internet and computer science.pptx
moromoro8
 
Lecture-12-ACL_information_Security.pptx
homecooking511
 
S5-Authorization
zakieh alizadeh
 
Least privilege, access control, operating system security
Prachi Gulihar
 
unit 5 in the database for master of Engineering
poonkodiraja2806
 
484444398-Chapter-11-Access-Control-Fundamentals.pptx
someoneelse1981
 
Access Control Fundamentals
Setiya Nugroho
 

Similar to Information Security (Protection Model _ Access Control ).pdf (20)

PPT
lecture7-accesscontroool_ct1405.pptx.ppt
maneltighiouart7
 
PPTX
resource security and protection in distributed system
sathiabama40
 
PPTX
Authorization Pattern.pptx power point s
Coderkids
 
PPSX
Final year presentation
Abhishek Jain
 
PPT
Design for security in operating system
Bhagyashree Barde
 
PPT
Kolegov tkachenko-Non-Invasive Elimination of Logical Access Control Vulnerab...
Positive Hack Days
 
PPT
access control information security professor hossein saiedian fall 2014
maneltighiouart7
 
PDF
Application Security -- Authorization Models
adinath7
 
PPTX
Slide Deck – Session 4 – FRSecure CISSP Mentor Program 2017
FRSecure
 
PPTX
Database security and security in networks
Prachi Gulihar
 
PPTX
information security(authentication application, Authentication and Access Co...
Zara Nawaz
 
PPT
4_5949547032388570388.ppt
MohammedMohammed578197
 
PDF
Non-Invasive Elimination of Logical Access Control Vulnerabilities in Web A...
Denis Kolegov
 
PDF
Slide Deck CISSP Class Session 4
FRSecure
 
PPT
Access control mechanism (DAC, MAC and RBAC).ppt
DAKSHATAPANCHAL2
 
PDF
access-control-basics-murat-kantarcioglu.pdf
NohaNagy5
 
PPT
Isys20261 lecture 12
Wiliam Ferraciolli
 
PPT
Sameer Mitter - Access Control in Cloud Security
Sameer Mitter
 
PPTX
Identity and Access Management-CLOUD.pptx
muthulakshmi279332
 
PPTX
database Security for data security .pptx
KarimAhmed722436
 
lecture7-accesscontroool_ct1405.pptx.ppt
maneltighiouart7
 
resource security and protection in distributed system
sathiabama40
 
Authorization Pattern.pptx power point s
Coderkids
 
Final year presentation
Abhishek Jain
 
Design for security in operating system
Bhagyashree Barde
 
Kolegov tkachenko-Non-Invasive Elimination of Logical Access Control Vulnerab...
Positive Hack Days
 
access control information security professor hossein saiedian fall 2014
maneltighiouart7
 
Application Security -- Authorization Models
adinath7
 
Slide Deck – Session 4 – FRSecure CISSP Mentor Program 2017
FRSecure
 
Database security and security in networks
Prachi Gulihar
 
information security(authentication application, Authentication and Access Co...
Zara Nawaz
 
4_5949547032388570388.ppt
MohammedMohammed578197
 
Non-Invasive Elimination of Logical Access Control Vulnerabilities in Web A...
Denis Kolegov
 
Slide Deck CISSP Class Session 4
FRSecure
 
Access control mechanism (DAC, MAC and RBAC).ppt
DAKSHATAPANCHAL2
 
access-control-basics-murat-kantarcioglu.pdf
NohaNagy5
 
Isys20261 lecture 12
Wiliam Ferraciolli
 
Sameer Mitter - Access Control in Cloud Security
Sameer Mitter
 
Identity and Access Management-CLOUD.pptx
muthulakshmi279332
 
database Security for data security .pptx
KarimAhmed722436
 
Ad

More from faiziikanwal47 (18)

PDF
01A_Niyyat-Ka-Maani-Awr-Ahmiyya6666t.pdf
faiziikanwal47
 
PDF
Cloud Computing Models.uututuutututtuutut
faiziikanwal47
 
PPTX
1602984149-1-introduction.pptx4hjdqehjeg
faiziikanwal47
 
PPTX
1602984229-2-req-engg-process.pptxj89009
faiziikanwal47
 
PPT
lecture9-190719030941 globalized availab
faiziikanwal47
 
PPTX
Ch5 System modeling globally availabless
faiziikanwal47
 
PDF
Information Security 20- Risk Assessment.pdf
faiziikanwal47
 
PDF
Information Security 16- Information Flow.pdf
faiziikanwal47
 
PDF
Information Security 10- Network Security.pdf
faiziikanwal47
 
PDF
Information Security 07- Audit.pdnjn;pp[pf
faiziikanwal47
 
PDF
Information Security 06- Hashing and Digital Signatures.pdf
faiziikanwal47
 
PDF
Information Security 05- Encryption.pdfn
faiziikanwal47
 
PDF
information security Lecture by cyber security
faiziikanwal47
 
PDF
market side business mind side to get enough
faiziikanwal47
 
PDF
information security by cryptography sid
faiziikanwal47
 
PDF
Information Security 08- Intrusion Detection and Response (1).pdf
faiziikanwal47
 
PPT
12Outlier.for software introductionalism
faiziikanwal47
 
PPT
CurrieTesting. in engineering field relevant
faiziikanwal47
 
01A_Niyyat-Ka-Maani-Awr-Ahmiyya6666t.pdf
faiziikanwal47
 
Cloud Computing Models.uututuutututtuutut
faiziikanwal47
 
1602984149-1-introduction.pptx4hjdqehjeg
faiziikanwal47
 
1602984229-2-req-engg-process.pptxj89009
faiziikanwal47
 
lecture9-190719030941 globalized availab
faiziikanwal47
 
Ch5 System modeling globally availabless
faiziikanwal47
 
Information Security 20- Risk Assessment.pdf
faiziikanwal47
 
Information Security 16- Information Flow.pdf
faiziikanwal47
 
Information Security 10- Network Security.pdf
faiziikanwal47
 
Information Security 07- Audit.pdnjn;pp[pf
faiziikanwal47
 
Information Security 06- Hashing and Digital Signatures.pdf
faiziikanwal47
 
Information Security 05- Encryption.pdfn
faiziikanwal47
 
information security Lecture by cyber security
faiziikanwal47
 
market side business mind side to get enough
faiziikanwal47
 
information security by cryptography sid
faiziikanwal47
 
Information Security 08- Intrusion Detection and Response (1).pdf
faiziikanwal47
 
12Outlier.for software introductionalism
faiziikanwal47
 
CurrieTesting. in engineering field relevant
faiziikanwal47
 
Ad

Recently uploaded (20)

DOCX
Epoxy Coated Steel Bolted Tanks for Crude Oil Large-Scale Raw Oil Containment...
AllenLin596164
 
PPTX
UN Environmental Inventory User Training 2021.pptx
Guillermo Acosta Pérez
 
PPTX
ser tico.pptxXYDTRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRY
AnguloSuley
 
PPTX
Plant_Cell_Presentation.pptx.com learning purpose
itharshsahu611
 
PPTX
Making GREEN and Sustainable Urban Spaces
JIT KUMAR GUPTA
 
DOCX
Epoxy Coated Steel Bolted Tanks for Agricultural Waste Biogas Digesters Turns...
AllenLin596164
 
PDF
Effect of salinity on biochimical and anatomical characteristics of sweet pep...
Open Access Research Paper
 
PPTX
NOISE-MITIGATION.-pptxnaksnsbaksjvdksbsksk
tacuyogjerson12
 
PPTX
Green and Cream Aesthetic Group Project Presentation.pptx
avishekkundu67
 
DOCX
Epoxy Coated Steel Bolted Tanks for Anaerobic Digestion (AD) Plants Core Comp...
AllenLin596164
 
PDF
Tree Biomechanics, a concise presentation
ssaur
 
PPTX
Environmental Ethics: issues and possible solutions
avsareankita
 
PPTX
Delivery census may 2025.pptxMNNN HJTDV U
SivasangariPurushoth
 
PDF
PET Hydrolysis (polyethylene terepthalate Hydrolysis)
maheshsharma7168
 
PPTX
9.-Sedatives-and-Hypnotics.pptxcccccccccccccccccccppt
uppujrrr256
 
PPTX
Topic Globalisation and Lifelines of National Economy (1).pptx
ridamten1423
 
PDF
Effective factors on adoption of intercropping and it’s role on development o...
Open Access Research Paper
 
PDF
Blue Economy Development Framework for Indonesias Economic Transformation.pdf
dyahmarganingrum2
 
PPTX
Conformity-and-Deviance module 7 ucsp grade 12
JAYLORD21
 
DOCX
Epoxy Coated Steel Bolted Tanks for Leachate Storage Securely Contain Landfil...
AllenLin596164
 
Epoxy Coated Steel Bolted Tanks for Crude Oil Large-Scale Raw Oil Containment...
AllenLin596164
 
UN Environmental Inventory User Training 2021.pptx
Guillermo Acosta Pérez
 
ser tico.pptxXYDTRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRY
AnguloSuley
 
Plant_Cell_Presentation.pptx.com learning purpose
itharshsahu611
 
Making GREEN and Sustainable Urban Spaces
JIT KUMAR GUPTA
 
Epoxy Coated Steel Bolted Tanks for Agricultural Waste Biogas Digesters Turns...
AllenLin596164
 
Effect of salinity on biochimical and anatomical characteristics of sweet pep...
Open Access Research Paper
 
NOISE-MITIGATION.-pptxnaksnsbaksjvdksbsksk
tacuyogjerson12
 
Green and Cream Aesthetic Group Project Presentation.pptx
avishekkundu67
 
Epoxy Coated Steel Bolted Tanks for Anaerobic Digestion (AD) Plants Core Comp...
AllenLin596164
 
Tree Biomechanics, a concise presentation
ssaur
 
Environmental Ethics: issues and possible solutions
avsareankita
 
Delivery census may 2025.pptxMNNN HJTDV U
SivasangariPurushoth
 
PET Hydrolysis (polyethylene terepthalate Hydrolysis)
maheshsharma7168
 
9.-Sedatives-and-Hypnotics.pptxcccccccccccccccccccppt
uppujrrr256
 
Topic Globalisation and Lifelines of National Economy (1).pptx
ridamten1423
 
Effective factors on adoption of intercropping and it’s role on development o...
Open Access Research Paper
 
Blue Economy Development Framework for Indonesias Economic Transformation.pdf
dyahmarganingrum2
 
Conformity-and-Deviance module 7 ucsp grade 12
JAYLORD21
 
Epoxy Coated Steel Bolted Tanks for Leachate Storage Securely Contain Landfil...
AllenLin596164
 

Information Security (Protection Model _ Access Control ).pdf

  • 2. Protection Models • In information security, protection models refer to the various methods and techniques used to protect systems and data from unauthorized access, use, disclosure, disruption, modification, or destruction. • Here are some common protection models:
  • 3. Protection Models cont… 1. Access Control Model 2. Confidentiality Model 3. Integrity Model 4. Availability Model 5. Defense in Depth Model 6. Least Privilege Model 7. Principle of Least Astonishment (POLA) Model
  • 4. Protection Models cont… Access Control Model • The Access Control Model is a security model that governs how users are granted access to system resources and data. • It determines the mechanisms and rules for authentication, authorization, and accounting (AAA) in order to enforce proper access controls. • The goal of the Access Control Model is to ensure that only authorized individuals or processes are allowed to access specific resources or perform certain actions within a system.
  • 5. Protection Models cont… Access Control Model • There are several types of Access Control Models, including: 1. Mandatory Access Control (MAC) 2. Discretionary Access Control (DAC) 3. Role-Based Access Control (RBAC) 4. Attribute-Based Access Control (ABAC) 5. Rule-Based Access Control (RBAC)
  • 6. Protection Models cont… Access Control Model: Mandatory Access Control (MAC) • This model assigns security labels (e.g., security classifications or levels) to both users and system resources. • Access decisions are based on the labels and predefined access rules, which are typically enforced by the operating system or security software.
  • 7. Protection Models cont… Access Control Model: Mandatory Access Control (MAC)
  • 8. Protection Models cont… Access Control Model: Discretionary Access Control (DAC) • In this model, access control decisions are left to the discretion of the resource owner. • Each resource has an associated Access Control List (ACL) that specifies the permissions granted to individual users or groups.
  • 9. Protection Models cont… Access Control Model: Discretionary Access Control (DAC)
  • 10. Protection Models cont… Access Control Model: Discretionary Access Control (DAC)
  • 11. Protection Models cont… Access Control Model: Role-Based Access Control (RBAC) • RBAC is based on the concept of roles. • Users are assigned specific roles, and permissions are assigned to these roles rather than to individual users. • This simplifies administration and enables more efficient management of access controls.
  • 12. Protection Models cont… Access Control Model: Role-Based Access Control (RBAC)
  • 13. Protection Models cont… Access Control Model: Role-Based Access Control (RBAC)
  • 14. Protection Models cont… Access Control Model: Attribute-Based Access Control (ABAC) • ABAC takes into account various attributes or characteristics of users, resources, and the environment to make access control decisions. • Attributes such as user roles, time of access, location, and data classification can be considered when determining access permissions.
  • 15. Protection Models cont… Access Control Model: Attribute-Based Access Control (ABAC)
  • 16. Protection Models cont… Access Control Model: Rule-Based Access Control (RBAC) • RBAC uses a set of predefined rules to determine access permissions. • These rules are based on conditions or criteria specified in policies and are evaluated to determine whether access should be granted or denied.
  • 17. Protection Models cont… Access Control Model • Each Access Control Model has its own advantages and is suitable for different security requirements and environments. • Organizations may choose to implement one or a combination of these models based on their specific needs and risk tolerance.