Abstract
Access controls are considered as important security mechanisms. They usually target (authenticated users: Those users who can legally access subject information system or resource). This indicates that they typically come after an initial stage called (authentication). In authentication, the main goal is to decide whether a subject user, traffic, or request can be authenticated to access the information resource or not. As such authentication security control decision or output is a binary of either, yes (authenticated; pass-in), or no (unauthenticated; block). Access control or authorization is then considered the second stage in this layered security control mechanism. For example, it is important to decide whether subject user has a view/read, modify, execute, etc. type of permission or privilege on subject information resource. In this chapter, we will cover issues related to access controls in operating systems, databases, websites, etc.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Bibliography
Alsmadi I, Xu D (2015) Security of software defined networks: a survey. Comput Secur 53:79–108
Cisco Knowledge Base (2018) Configuration of MAC based access control lists on ESW500 series switches. Article ID: 503. Cisco. https://sbkb.cisco.com/CiscoSB/GetArticle.aspx?docid=cbf8f6291d654ff1a840b0726680815c_MAC_Based_ACL_On_ESW_500_Series_Devices.xml&pid=2&converted=0
Domingo-Ferrer J (2009) Inference control in statistical databases. In: Encyclopedia of database systems. Springer, New York, pp 1472–1476
Ghiglieri M (2017) Smart TV privacy risks and protection measures. Ph.D. Thesis, Technische Universität, Darmstadt
NIST 2010. A report on: 2010 economic analysis of role-based access control. http://csrc.nist.gov/groups/SNS/rbac/documents/20101219_RBAC2_Final_Report.pdf
OWASP (2018) https://www.owasp.org/index.php/Access_Control_Cheat_Sheet#tab=Other_Cheatsheets
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Alsmadi, I. (2019). Identity Management. In: The NICE Cyber Security Framework. Springer, Cham. https://doi.org/10.1007/978-3-030-02360-7_12
Download citation
DOI: https://doi.org/10.1007/978-3-030-02360-7_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-02359-1
Online ISBN: 978-3-030-02360-7
eBook Packages: EngineeringEngineering (R0)