Analysis of Access Control Principles and Methodologies


Added on  2022/09/30

Homework Assignment
AI Summary
This assignment provides a detailed overview of access control, exploring its essential processes, key principles, and various methodologies. It begins by defining access control and its role in securing computer systems, emphasizing the importance of physical and logical access controls. The assignment then delves into the core processes of identification, authentication, and authorization, along with the principle of multi-factor authentication. It further examines the fundamental principles underpinning access control, including identification, authentication, authorization, and accountability. The assignment also categorizes access control methodologies, highlighting different control types such as deterrent, preventative, corrective, recovery, and compensating controls, as well as management, operational/administrative, and technical controls. Finally, it defines mandatory access control (MAC), explaining its operational constraints and its role in maintaining the security of sensitive information, particularly in government and military settings. The assignment concludes by providing a list of references used in the research.
Running Head: ACCESS CONTROL 1
Access Control
Name:
Institution Affiliation:
What are the essential processes of access control?
Access control is a security technique that regulates who and what can view or use resources
within a computing setting. It is useful in security because it helps minimize danger to the
operations of a business or organization (Cruz, Kaji, & Yanai, 2018). The essential processes of
access control consist of physical and logical access control. Physical access control limits
access to places such as campuses, rooms, buildings, and physical information technology
assets. Conversely, logical access control limits connections to computer networks, data, and
system files. The essential processes of access control comprise the identification,
authentication, and authorization of computer users and entities by evaluating the required
login credentials. The login credentials that access control authenticates include personal
identification numbers (PINs), passwords, biometric scans, security tokens, or other
authentication factors (Hu & Wang, 2019). A further essential process of access control is the
provision of multifactor authentication. Multifactor authentication uses two or more
authentication factors, which are an essential part of the layered defense used to protect
access to different control systems.
What are the key principles on which access control is founded?
Access control relies on several principles to secure access to information within the
operations of an organization or business. The principles on which access control is founded
include identification, authentication, authorization, and accountability. In most instances,
the principle of identification works hand in hand with authentication (Kumari &
T.Chithraleka, 2014). Identification is the process through which the identity of the object is
ascertained. In some instances, identification takes place by using some form of identification
to ascertain the identity of the object. Authentication, in turn, is the process through which
particular data is verified and proven in the course of securing the data of an organization or
business. Through authentication, any access data presented is verified to be true.
Authorization is the part of access control that is determined by the access control system: it
is the process through which particular levels of access are granted to the access control
subject. Moreover, accountability is itself responsible for the other three principles,
authentication, identification, and authorization, in improving security in the context of
access control. It helps ensure that the access control system is accountable for any
security-linked transaction (P.Lokhande & Patil, 2019). In most scenarios, accountability
assists in keeping track of the actions accomplished by the responsible systems and individuals
within the operations of organizations.
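The processes and principles described in the two answers above can be seen working together in a small gate that identifies the user, authenticates two factors, authorizes the action, and records every decision. This is an added example, not part of the original assignment; the user directory, the resource names, and the choice of an RFC 4226 one-time code as the security token factor are assumptions made for illustration.

```python
import hashlib, hmac, struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time code, standing in for the 'security token' factor."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample directory: one user, two enrolled factors, granted rights.
USERS = {"alice": {
    "salt": b"constructed-salt",
    "pw": pw_hash("correct horse", b"constructed-salt"),
    "token_secret": b"12345678901234567890",
    "counter": 0,
    "rights": {("payroll.db", "read")},
}}
AUDIT = []  # accountability: every decision is recorded, allowed or not

def request(user, password, code, resource, action):
    def decide(stage, ok):
        AUDIT.append(dict(user=user, resource=resource, action=action,
                          stage=stage, allowed=ok))
        return ok
    rec = USERS.get(user)                          # 1. identification
    if rec is None:
        return decide("identification", False)
    pw_ok = hmac.compare_digest(pw_hash(password, rec["salt"]), rec["pw"])
    expected = hotp(rec["token_secret"], rec["counter"])
    code_ok = hmac.compare_digest(code.encode(), expected.encode())
    if not (pw_ok and code_ok):                    # 2. authentication: both factors
        return decide("authentication", False)
    rec["counter"] += 1                            # a used code cannot be replayed
    if (resource, action) not in rec["rights"]:    # 3. authorization
        return decide("authorization", False)
    return decide("granted", True)
```

The `AUDIT` list shows which stage refused each request, which is the record accountability depends on.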
Identify at least two approaches used to categorize access control methodologies and list the
types of controls found in each
Several approaches are used to categorize access control methodologies in a business or
organization. The first method defines the controls by the process of identity and groups them
under different categories (Baghla & Bhatia, 2016). These categories comprise:
Deterrent – Reduces the probability of, or prevents, an incipient incident
Preventative – Helps a given company deter the event
Corrective – Helps correct the situation or reduce the harm implicated during the incident
Recovery – Helps return the different orders of operations to normal functions
Compensating – Helps resolve the defect or fault
The other method used to categorize access control, as mentioned in different NIST Special
Publication Series documents, classifies controls according to how their operation influences
the organization (Ge & Zhao, 2018). This method includes:
Management – Ensures that security measures are implemented through allocated planners. The
planners are then able to integrate them into the various management techniques of the company
to improve the security status of the organization (Cruz, Kaji, & Yanai, 2018). Security
administrators regularly practice this type of management control as a way of developing,
executing, and keeping track of other systems of control within the operations of businesses
and organizations.
Operational or administrative – Helps control and manage the operational duties of any
security connected to the procedures of the organization or business.
Technical – A type of access control executed as a reactive device, useful in solving the
immediate problems of the organization as it reacts to real occurrences of technicalities in
business settings (Hu & Wang, 2019). It also helps the tactical section of the security model
function effectively.
What is mandatory access control?
Mandatory access control is the kind of access control by which the operating system
constrains the capability of the initiator to access, or generally perform some sort of
operation on, the target or object. In most operations of organizations and businesses,
mandatory access control criteria are always defined by the administrator of the system. The
security kernel or operating system strictly enforces the system administrator's mandate
(Masar, Bartos, & Klimes, 2014). Such restrictions cannot be altered in any way by end users.
Furthermore, mandatory access control works differently when employed in government and
military facilities. In such facilities, MAC works by assigning a classification label to every
file system object. Such classifications include secret, confidential, and top secret,
maintained on every resource used (Jiang, Wang, Yu, Zhang, & Chen, 2013). Hence, mandatory
access control remains the most secure access control setting available. It requires careful
planning along with continuous monitoring to keep the classifications of all users and resource
objects up to date. Therefore, mandatory access control (MAC) stands out as the security
strategy that works by restricting the ability that every owner of a resource has to grant or
deny access to resource objects within the file system.
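The label-based enforcement described above can be shown with a small reference monitor in which only the administrator assigns labels and the owner of a file cannot change them. This is an added example, not part of the original assignment; the user names, the file path, and the rule that a user's clearance must be at least the object's label are assumptions made for illustration.

```python
from enum import IntEnum

class Level(IntEnum):          # the three labels named in the text, ordered
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

class MacPolicy:
    """Reference monitor: labels live here, not with the object's owner."""
    def __init__(self, admin):
        self._admin = admin
        self._clearance = {}   # user -> Level
        self._label = {}       # object path -> Level
        self.owner = {}        # recorded for audit only; confers no rights

    def _require_admin(self, actor):
        if actor != self._admin:
            raise PermissionError(f"{actor} may not change MAC labels")

    def set_clearance(self, actor, user, level):
        self._require_admin(actor)
        self._clearance[user] = level

    def label_object(self, actor, path, level, owner=None):
        self._require_admin(actor)
        self._label[path] = level
        if owner is not None:
            self.owner[path] = owner

    def can_read(self, user, path):
        # Assumed rule: clearance must be at least the object's label.
        # Unknown users and unlabelled objects are denied (fail closed).
        if user not in self._clearance or path not in self._label:
            return False
        return self._clearance[user] >= self._label[path]

def demo():
    p = MacPolicy(admin="sysadmin")                 # constructed names and path
    p.set_clearance("sysadmin", "bob", Level.SECRET)
    p.set_clearance("sysadmin", "carol", Level.CONFIDENTIAL)
    p.label_object("sysadmin", "/ops/plan.txt", Level.SECRET, owner="bob")
    before = (p.can_read("bob", "/ops/plan.txt"), p.can_read("carol", "/ops/plan.txt"))
    try:  # the owner tries to downgrade his own file so carol can read it
        p.label_object("bob", "/ops/plan.txt", Level.CONFIDENTIAL)
        owner_override = True
    except PermissionError:
        owner_override = False
    return before, owner_override, p.can_read("carol", "/ops/plan.txt")
```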
References
Baghla, R., & Bhatia, R. (2016). Review of Context Aware Access Control Approaches on Web Data. International Journal Of Computer Applications, 147(9), 5-9. doi: 10.5120/ijca2016911168
Cruz, J., Kaji, Y., & Yanai, N. (2018). RBAC-SC: Role-Based Access Control Using Smart Contract. IEEE Access, 6, 12240-12251. doi: 10.1109/access.2018.2812844
Ge, H., & Zhao, Z. (2018). Security Analysis of Energy Internet With Robust Control Approaches and Defense Design. IEEE Access, 6, 11203-11214. doi: 10.1109/access.2018.2806941
Hu, X., & Wang, L. (2019). Improved Robust Constrained Model Predictive Control Design for Industrial Processes Under Partial Actuator Faults. IEEE Access, 7, 34095-34103. doi: 10.1109/access.2019.2893454
Jiang, S., Wang, J., Yu, H., Zhang, T., & Chen, R. (2013). Improved mandatory access control model for Android. Journal Of Computer Applications, 33(6), 1630-1636. doi: 10.3724/sp.j.1087.2013.01630
Kumari, K., & T.Chithraleka. (2014). A Comparative Analysis of Access Control Policy Modeling Approaches. International Journal Of Secure Software Engineering, 3(4), 65-83. doi: 10.4018/jsse.2012100104
Masar, J., Bartos, J., & Klimes, C. (2014). Mandatory Access Control Policies Based on Vague Requirements. International Journal Of Intelligent Computing Research, 5(1), 382-390. doi: 10.20533/ijicr.2042.4655.2014.0050
P.Lokhande, M., & Patil, D. (2019). Access Control Approaches in Internet of Things. International Journal Of Computer Sciences And Engineering, 7(5), 1158-1161. doi: 10.26438/ijcse/v7i5.11581161