Role-based Access Control
   HOME
*





Role-based Access Control
In computer systems security, role-based access control (RBAC) or role-based security is an approach to restricting system access to authorized users. It is an approach to implement mandatory access control (MAC) or discretionary access control (DAC). Role-based access control is a policy-neutral access-control mechanism defined around roles and privileges. The components of RBAC such as role-permissions, user-role and role-role relationships make it simple to perform user assignments. A study by NIST has demonstrated that RBAC addresses many needs of commercial and government organizations. RBAC can be used to facilitate administration of security in large organizations with hundreds of users and thousands of permissions. Although RBAC is different from MAC and DAC access control frameworks, it can enforce these policies without any complication. Design Within an organization, roles are created for various job functions. The permissions to perform certain operations are assign ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Mandatory Access Control
In computer security, mandatory access control (MAC) refers to a type of access control by which the operating system or database constrains the ability of a ''subject'' or ''initiator'' to access or generally perform some sort of operation on an ''object'' or ''target''. In the case of operating systems, a subject is usually a process or thread; objects are constructs such as files, directories, TCP/ UDP ports, shared memory segments, IO devices, etc. Subjects and objects each have a set of security attributes. Whenever a subject attempts to access an object, an authorization rule enforced by the operating system kernel examines these security attributes and decides whether the access can take place. Any operation by any subject on any object is tested against the set of authorization rules (aka ''policy'') to determine if the operation is allowed. A database management system, in its access control mechanism, can also apply mandatory access control; in this case, the objec ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


CakePHP
CakePHP is an open-source web framework. It follows the model–view–controller (MVC) approach and is written in PHP, modeled after the concepts of Ruby on Rails, and distributed under the MIT License. CakePHP uses well-known software engineering concepts and software design patterns, such as convention over configuration, model–view–controller, active record, association data mapping, and front controller. History CakePHP started in April 2005, when a Polish programmer Michal Tatarynowicz wrote a minimal version of a rapid application development framework in PHP, dubbing it Cake. He published the framework under the MIT license, and opened it up to the online community of developers. In December 2005, L. Masters and G. J. Woodworth founded the Cake Software Foundation to promote development related to CakePHP. Version 1.0 was released in May 2006. One of the project's inspirations was Ruby on Rails, using many of its concepts. The community has since grown and spawne ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


AGDLP
AGDLP (an abbreviation of "account, global, domain local, permission") briefly summarizes Microsoft's recommendations for implementing role-based access controls (RBAC) using nested groups in a native-mode Active Directory (AD) domain: User and computer accounts are members of global groups that represent business roles, which are members of domain local groups that describe resource permissions or user rights assignments. AGUDLP (for "account, global, universal, domain local, permission") and AGLP (for "account, global, local, permission") summarize similar RBAC implementation schemes in Active Directory forests and in Windows NT domains, respectively. Details Role based access controls (RBAC) simplify routine account management operations and facilitate security audits. System administrators do not assign permissions directly to individual user accounts. Instead, individuals acquire access through their roles within an organization, which eliminates the need to edit a pote ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  




Risk-based Authentication
In Authentication, risk-based authentication is a non-static authentication system which takes into account the profile (IP address, User-Agent HTTP header, time of access, and so on) of the agent requesting access to the system to determine the risk profile associated with that transaction. The risk profile is then used to determine the complexity of the challenge. Higher risk profiles leads to stronger challenges, whereas a static username/password may suffice for lower-risk profiles. Risk-based implementation allows the application to challenge the user for additional credentials only when the risk level is appropriate. The point is that user validation accuracy is improved without inconveniencing a user and risk-based authentication is used by major companies. Criticism * The system that computes the risk profile has to be diligently maintained and updated as new threats emerge. Improper configuration may lead to unauthorized access. * The user's connection profile (e.g. IP Ge ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Location-based Authentication
Location-based authentication is a special procedure to prove an individual's identity on appearance simply by detecting its presence at a distinct location. To enable location-based authentication, a special combination of objects is required. * Firsthand, the individual that applies for being identified and authenticated has to present a sign of identity. * Secondly, the individual has to carry at least one human authentication factor that may be recognized on the distinct location. * Thirdly, the distinct location must be equipped with a resident means that is capable to determine the coincidence of individual at this distinct location. Distinctiveness of locating Basic requirement for safe location-based authentication is a well-defined separation of locations as well as an equally well-defined proximity of the applying individual to this location. Challenges , no offered technical solution for simple location-based authentication includes a method for limiting the gra ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Capability-based Security
Capability-based security is a concept in the design of secure computing systems, one of the existing security models. A capability (known in some systems as a key) is a communicable, unforgeable token of authority. It refers to a value that references an object along with an associated set of access rights. A user program on a capability-based operating system must use a capability to access an object. Capability-based security refers to the principle of designing user programs such that they directly share capabilities with each other according to the principle of least privilege, and to the operating system infrastructure necessary to make such transactions efficient and secure. Capability-based security is to be contrasted with an approach that uses traditional UNIX permissions and Access Control Lists. Although most operating systems implement a facility which resembles capabilities, they typically do not provide enough support to allow for the exchange of capabilities amo ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


RSBAC
Rule-set-based access control (RSBAC) is an open source access control framework for current Linux kernels, which has been in stable production use since January 2000 (version 1.0.9a). Features * Free open source GNU General Public License (GNU General Public License, GPL) Linux kernel security extension * Independent of governments and big companies * Several well-known and new security models, e.g. mandatory access control (Mandatory access control, MAC), access control list (Access control list, ACL), and role compatibility (RC) * On-access virus scanning with Dazuko interface * Detailed control over individual user and program network accesses * Fully Access control, access controlled kernel level user management * Any combination of security models possible * Easily extensible: write your own model for runtime registration * Support for latest kernels * Stable for production use * Easily portable to other operating systems The RSBAC system architecture has been derived and ext ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  




Organisation-based Access Control
In computer security, organization-based access control (OrBAC) is an access control model first presented in 2003. The current approaches of the access control rest on the three entities (''subject'', ''action'', ''object'') to control the access the policy specifies that some subject has the permission to realize some action on some object. OrBAC allows the policy designer to define a security policy independently of the implementation. The chosen method to fulfill this goal is the introduction of an abstract level. * Subjects are abstracted into roles. A role is a set of subjects to which the same security rule apply. * Similarly, an activity is a set of actions to which the same security rule apply. * And, a view is a set of objects to which the same security rule apply. Each security policy is defined for and by an organization. Thus, the specification of the security policy is completely parameterized by the organization so that it is possible to handle simultaneously s ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Access Control List
In computer security, an access-control list (ACL) is a list of permissions associated with a system resource (object). An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject and an operation. For instance, if a file object has an ACL that contains , this would give Alice permission to read and write the file and give Bob permission only to read it. Implementations Many kinds of operating systems implement ACLs or have a historical implementation; the first implementation of ACLs was in the filesystem of Multics in 1965. Filesystem ACLs A filesystem ACL is a data structure (usually a table) containing entries that specify individual user or group rights to specific system objects such as programs, processes, or files. These entries are known as access-control entries (ACEs) in the Microsoft Windows NT, OpenVMS, and Unix-like operating systems s ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


NIST RBAC Model
The NIST RBAC model is a standardized definition of role-based access control. Although originally developed by the National Institute of Standards and Technology, the standard was adopted and is copyrighted and distributed as INCITS 359-2004 by the International Committee for Information Technology Standards The InterNational Committee for Information Technology Standards (INCITS), (pronounced "insights"), is an ANSI-accredited standards development organization composed of Information technology developers. It was formerly known as the X3 and NCITS. ... (INCITS). The latest version is INCITS 359-2012. It is managed by INCITS committee CS1. History In 2000, NIST called for a unified standard for RBAC, integrating the RBAC model published in 1992 by Ferraiolo and Kuhn with the RBAC framework introduced by Sandhu, Coyne, Feinstein, and Youman (1996). This proposal was published by Sandhu, Ferraiolo, and Kuhn and presented at the ACM 5th Workshop on Role Based Access Control ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


picture info

IT Infrastructure
Information technology infrastructure is defined broadly as a set of information technology (IT) components that are the foundation of an IT service; typically physical components (computer and networking hardware and facilities), but also various software and network components. According to the ITIL Foundation Course Glossary, IT Infrastructure can also be termed as “All of the hardware, software, networks, facilities, etc., that are required to develop, test, deliver, monitor, control or support IT services. The term IT infrastructure includes all of the Information Technology but not the associated People, Processes and documentation.” Overview In IT Infrastructure, the above technological components contribute to and drive business functions. Leaders and managers within the IT field are responsible for ensuring that both the physical hardware and software networks and resources are working optimally. IT infrastructure can be looked at as the foundation of an organizatio ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


picture info

Research Triangle Institute
Research Triangle Institute, trading as RTI International, is a nonprofit organization headquartered in the Research Triangle Park in North Carolina. RTI provides research and technical services. It was founded in 1958 with $500,000 in funding from local businesses and the three North Carolina universities that form the Research Triangle. RTI research has covered topics like HIV/AIDS, healthcare, education curriculum and the environment, among others. The US Agency for International Development accounts for about 35 percent of RTI's research revenue. History In 1954 a building contractor, met with the North Carolina state treasurer and the president of Wachovia to discuss building a research park in North Carolina to attract new industries to the region. They obtained support for the concept from state governor Luther Hodges and the three universities that form the research triangle: University of North Carolina at Chapel Hill, Duke University and North Carolina State University ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]