Access controls are important security mechanisms. They usually target authenticated users, that is, users who can legally access the subject information system or resource. This means that they typically come after an initial stage called authentication. In authentication, the main goal is to decide whether a subject user, traffic, or request can be authenticated to access the information resource or not. The output of an authentication security control is therefore a binary decision: yes (authenticated; pass-in) or no (unauthenticated; block). Access control, or authorization, is then considered the second stage in this layered security control mechanism. For example, it is important to decide whether the subject user has a view/read, modify, execute, etc. type of permission or privilege on the subject information resource. In this chapter, we will cover issues related to access controls in operating systems, databases, websites, etc.