Access Control

Owner-Based: The resource owner determines who can access the resource.
Example: Unix file system permissions where file owners set read/write/execute permissions.
Mandatory Access Control (MAC)

System-Based: Access policies are set by the system and cannot be changed by users.
Example: Military classifications where access is determined by security clearances.
Role-Based Access Control (RBAC)

Role-Based: Access is granted based on user roles within an organization.
Example: An employee in the "Manager" role has access to certain HR data that a "Staff" role does not.
Attribute-Based Access Control (ABAC)

Attribute-Based: Access is granted based on attributes of the user, environment, and resource.
Example: Policies that grant access based on time of day, IP address, or user department.
Components of Access Control Systems
Authentication

Verifies the identity of a user or service.
Methods: Passwords, biometrics, multi-factor authentication (MFA), digital certificates.

Principle of Least Privilege (PoLP)

Grant users the minimum access necessary to perform their tasks.
Separation of Duties

Divide tasks and permissions among multiple users to reduce the risk of fraud or error.
Regular Audits and Reviews

Regularly review access permissions and logs to ensure compliance and identify potential security issues.
Strong Authentication Mechanisms

Use strong authentication methods such as MFA to enhance security.
Automated Provisioning and De-provisioning

Automate the process of granting and revoking access to ensure timely updates to user permissions.
Use of Centralized Access Control Systems

Implement centralized systems like Identity and Access Management (IAM) to manage access across multiple services and platforms.