Java Reference
In-Depth Information
certain high-security systems, where confidentiality of information is paramount. In a mandatory
access control system, objects in the system (files and folders) are assigned clearance levels. Individuals
requiring access to these objects must be of an equal or higher clearance to read/view the data.
The clearance levels may be specified as unclassified, classified, secret, and top secret, depending on
the sensitivity of the data. For instance, an individual with a clearance for classified information can
read unclassified information but cannot view secret or top secret information. However, the
situation changes when it comes to the creation of files or data. Users from a lower classification can create
files at a higher classification. For instance, classified users can create secret or top secret documents,
but they will not have access to read them. While this sounds strange, the objective of preventing
information dissemination is achieved. Information may flow inward freely, but it cannot flow
outward without the imposition of certain restrictions, in this case, the classifications.
Mandatory access control has no concept of a data owner or of user influence over authorization
for critical information. The system controls all access (based on classifications) and users have
no control over the access control.
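The read and create rules described above can be sketched as a small reference monitor. This is an added example, not code from the book: the class, method, user, and document names are hypothetical, and refusing creation below the user's own level is an assumption taken from the Bell-LaPadula model, since the text only states that creation at a higher level is allowed.

```java
import java.util.HashMap;
import java.util.Map;

public class MacReferenceMonitor {
    // Clearance levels in ascending order of sensitivity, as listed in the text.
    enum Level { UNCLASSIFIED, CLASSIFIED, SECRET, TOP_SECRET }

    private final Map<String, Level> clearances = new HashMap<>(); // user -> clearance
    private final Map<String, Level> labels = new HashMap<>();     // document -> label
    private final Map<String, String> contents = new HashMap<>();  // document -> data

    void enroll(String user, Level clearance) { clearances.put(user, clearance); }

    private Level clearanceOf(String user) {
        Level level = clearances.get(user);
        if (level == null) throw new SecurityException("unknown user " + user);
        return level;
    }

    // Create: only at the user's own level or higher. Refusing lower labels is the
    // assumed Bell-LaPadula rule that keeps information from flowing outward.
    void create(String user, String doc, Level label, String data) {
        if (clearanceOf(user).compareTo(label) > 0 || labels.containsKey(doc))
            throw new SecurityException(user + " may not create " + doc + " as " + label);
        labels.put(doc, label);
        contents.put(doc, data);
    }

    // Read: clearance must equal or exceed the label. A missing document gets the
    // same refusal, so the read path does not reveal which documents exist.
    String read(String user, String doc) {
        Level label = labels.get(doc);
        if (label == null || clearanceOf(user).compareTo(label) < 0)
            throw new SecurityException(user + " may not read " + doc);
        return contents.get(doc);
    }

    public static void main(String[] args) {
        MacReferenceMonitor mac = new MacReferenceMonitor();
        mac.enroll("alice", Level.CLASSIFIED);   // constructed sample users
        mac.enroll("bob", Level.TOP_SECRET);
        mac.create("alice", "report", Level.SECRET, "field notes"); // write up: allowed
        System.out.println("bob reads report: " + mac.read("bob", "report"));
        try { mac.read("alice", "report"); }     // alice cannot read her own document
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
        try { mac.create("bob", "memo", Level.UNCLASSIFIED, "leak"); } // write down
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```

Note that neither user can change a label or grant access to anyone else: the monitor alone decides, which is the absence of a data owner that the section describes.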
7.1.3.3 Role-Based Access Control
Role-based access control is one of the most popular models for access control. Role-based access
control was a newer concept when contrasted with MAC and DAC. Role-based access control
derives its fundamentals from the concept of “need to know,” also known as the principle of least
privilege. In an organization, there are departments and individual roles for every department.
Role-based access control advocates providing only as much access and privilege over
information as the role of an individual requires. For instance, a human resource manager
would not have any reason to view or edit sales information and hence would not have any access
to sales information. He or she would have access to human resources information and any other
information that might be required for the role of a human resource manager.
Role-based access control is different from DAC, because it does not have the concept of data
owners and access controls provided at the discretion of the data owner/administrator. RBAC
works on the concept of user roles, and access to information is defined based on individual roles
and the need to access the said information.
Role-based access control differs from MAC because it does not have classification of data
according to sensitivity and it does not require individuals to be at a particular level of clearance
to view/edit/delete/create data. The fundamental concept of an RBAC system is that it provides
access to information that is necessary for an individual's role in an organization.
7.2 Developing a Robust Access Control System for Web Applications
7.2.1 Attacks against Web Application Access Control
Access control mechanisms are the perimeter defense for a Web application. Attackers realize that
gaining access to an application is the first step towards gaining access to the sensitive information
stored, processed, or transmitted by the application. Attackers have continually focused their
efforts in gaining access to a Web application by circumventing or otherwise defeating Web
application access control. This has also been aided by the fact that several Web applications have
poor access control mechanisms and are rife with security vulnerabilities. Attackers have taken