Authorization grants a user the right to access a resource. Access control is the means of enforcing those authorizations. In general, it can be said that access control is the method used to prevent unauthorized use of resources. There are two methods to prevent unauthorized access:
a) Filtering access requests
Verifies the rights of a user over a resource when the user tries to access it.
Avoiding any access attempt by unauthorized users.
The first method relates to access control mechanisms, which are detailed further below; the second involves measures such as physical security, security hardware, etc. According to the control policy, access control can be classified as identity-based or rule-based.
a) Identity-based access control
It is possible to establish differences between individual accesses and group accesses:
Individual accesses: They are based on a list for each resource that names the users who can access it and indicates their rights. For example: a resource X can be accessed by user A, who has read and write rights, and by user B, who only has read rights.
Group access: The rights are granted to previously defined user groups. In this way, several users who have the same rights over a resource are identified by a unique name, which facilitates administration and auditing tasks.
b) Rules-based access control
There are different methods to control access to resources based on rules. For example:
Multilevel: Levels are defined for accesses, based on previously agreed parameters, such as the date of creation, the physical location of the resource, etc., generating various levels such as restricted, confidential, secret, etc.
Multi-user control: The presence of certain users with previously determined rights is required to access the resource.
Context-based: Access depends on external factors such as access time, user location, etc.
Access control mechanisms
Once the access control policies are known, we will move on to the access control mechanisms.
a) Access control lists
An access control list represents the rights of the users in a matrix. This mechanism is useful for small groups of users and resources, as these tend to be stable.
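The per-resource list described above, with the individual and group entries from the identity-based policy, as an added example that is not part of the original article. The resource X and users A and B follow the text; user C, the group "auditors" and the "list" right are constructed for illustration.

```python
# Added example: identity-based ACL with individual and group entries.
# Group "auditors", user "C" and the "list" right are constructed names.

GROUPS = {"auditors": {"B", "C"}}

# One list per resource: each entry grants rights to a user or a group.
ACL = {
    "X": [
        ("user", "A", {"read", "write"}),
        ("user", "B", {"read"}),
        ("group", "auditors", {"read", "list"}),
    ],
}


def effective_rights(user, resource):
    """Union of the rights granted to the user directly and via groups."""
    rights = set()
    for kind, name, granted in ACL.get(resource, []):
        if kind == "user" and name == user:
            rights |= granted
        elif kind == "group" and user in GROUPS.get(name, set()):
            rights |= granted
    return rights


def is_allowed(user, resource, right):
    """Default deny: unknown users, resources or rights get no access."""
    return right in effective_rights(user, resource)


def audit(resource):
    """Expand group entries so a reviewer sees every user's rights."""
    users = set()
    for kind, name, _ in ACL.get(resource, []):
        users |= {name} if kind == "user" else GROUPS.get(name, set())
    return {u: sorted(effective_rights(u, resource)) for u in sorted(users)}


if __name__ == "__main__":
    print(is_allowed("A", "X", "write"))
    print(is_allowed("B", "X", "write"))
    print(audit("X"))
```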
This technique is used in environments with multilevel policies. Each resource is assigned a label that identifies its classification in the system. Also, each user receives a label, depending on their privileges, which will be transmitted along with the access request. The resource will then compare the labels and apply the respective cybersecurity policies.
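The label comparison described above, combined with the multi-user and context-based rules listed earlier, as an added example that is not part of the original article. The ordering of the levels, the rule that the request's label must be at least the resource's, and all names (VAULT, alice, bob, carol, the 08:00 to 18:00 window) are assumptions made for illustration.

```python
from datetime import time

# Assumed ordering of the levels the text names, lowest first.
LEVELS = ["restricted", "confidential", "secret"]


def label_allows(user_label, resource_label):
    """Multilevel rule: the request's label must dominate the resource's.
    Unknown labels fail closed."""
    if user_label not in LEVELS or resource_label not in LEVELS:
        return False
    return LEVELS.index(user_label) >= LEVELS.index(resource_label)


def quorum_met(present, required_users, minimum):
    """Multi-user control: enough designated users must be present."""
    return len(set(present) & set(required_users)) >= minimum


def in_window(now, start, end):
    """Context rule: access only inside a time window (may wrap midnight)."""
    if start <= end:
        return start <= now < end
    return now >= start or now < end


def decide(request, resource):
    """Grant only if every rule attached to the resource passes."""
    checks = [label_allows(request["label"], resource["label"])]
    if "quorum" in resource:
        users, minimum = resource["quorum"]
        checks.append(quorum_met(request.get("present", []), users, minimum))
    if "hours" in resource:
        checks.append(in_window(request["time"], *resource["hours"]))
    return all(checks)


# Constructed sample resource: secret label, two of three named users
# must be present, and access is limited to working hours.
VAULT = {"label": "secret", "quorum": ({"alice", "bob", "carol"}, 2),
         "hours": (time(8, 0), time(18, 0))}

if __name__ == "__main__":
    req = {"label": "secret", "present": ["alice", "bob"], "time": time(9, 0)}
    print(decide(req, VAULT))
```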
c) Password-based mechanisms
Using a password, the user is authorized to access the requested resource. It is the best-known method, but it has the same weaknesses as those of the password authentication service.
d) Access control in communication networks and route control
In the case of communication networks, two important cases must be added:
Connection access control: Controls whether two systems can establish communication with each other.
Access control of information to the network: Establishes whether a given type of information can enter a system. For their part, the route control mechanisms guarantee that the information travels only through certain routes, networks or subnets, with certain security attributes.
Confidentiality of information involves not only preventing disclosure of the content of messages, but also protecting information about its size and its dynamic variations: creation, modification, sending or receiving.
Confidentiality can be provided in two different ways:
- In the first case, the intruder is prohibited from any type of access to information. This is called access control.
- In the second case, the intruder is allowed to observe a representation of the information, but this representation is such that he cannot deduce the content. This method is called information concealment.
The access control method to ensure the confidentiality of the information involves a series of countermeasures such as:
- Access control mechanisms, that filter the requests of any agent who wishes to access the information.
- Flow control, which regulates the flow of information from protected systems to less protected systems.
- Transmission technologies with information protection, based on spread spectrum techniques.
- Protection against electromagnetic emissions from systems.
These are all the actions that ensure the confidentiality of the information. Among them are:
It provides means to convert an information block into an encrypted block and vice versa, by using keys known at the encryption and decryption points.
b) Size concealment
In order not to disclose the size of the message, cloaking techniques are used, such as adding bits to the information before encryption.
c) Traffic padding
As with the data, care is taken not to disclose the amount of traffic generated. To do this, bits are often added to the messages to be transmitted, or additional padding strings are transmitted. This technique is complemented by encryption and must be done in a way that allows the receiver to distinguish the information from the padding data.
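The framing layer that size concealment and traffic padding both need, as an added example that is not part of the original article. It covers only the step before encryption (the cipher is left out); the 64-byte bucket, the 3-byte header layout and the function names are assumptions made for illustration.

```python
import os
import struct

BUCKET = 64                    # assumed: every frame is a multiple of 64 bytes
HEADER = struct.Struct("!BH")  # 1-byte frame type, 2-byte payload length
DATA, DUMMY = 1, 0


def pad(message: bytes, kind: int = DATA) -> bytes:
    """Frame = header + message + random filler up to the next bucket."""
    if len(message) > 0xFFFF:
        raise ValueError("message too long for 2-byte length field")
    body = HEADER.pack(kind, len(message)) + message
    filler = -len(body) % BUCKET
    return body + os.urandom(filler)


def dummy_frame() -> bytes:
    """Traffic padding: a frame carrying no information, sized like a real one."""
    return pad(b"", DUMMY)


def unpad(frame: bytes):
    """Return the message, or None for a dummy frame; reject malformed frames."""
    if len(frame) < HEADER.size or len(frame) % BUCKET:
        raise ValueError("bad frame size")
    kind, length = HEADER.unpack_from(frame)
    if kind not in (DATA, DUMMY) or HEADER.size + length > len(frame):
        raise ValueError("bad header")
    return frame[HEADER.size:HEADER.size + length] if kind == DATA else None


def receive(frames):
    """Receiver side: drop dummy frames, keep real messages in order."""
    return [m for m in map(unpad, frames) if m is not None]


if __name__ == "__main__":
    # Constructed messages of different lengths yield equal-sized frames.
    print(len(pad(b"hi")), len(pad(b"a" * 50)), len(dummy_frame()))
    print(receive([pad(b"first"), dummy_frame(), pad(b"second")]))
```

Because the header sits inside the frame, it is encrypted along with the filler, so an observer sees only equal-sized blocks while the receiver can still separate information from padding after decryption.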
Information integrity services protect information against modification, loss or substitution, whether accidental or intentional. For the detection of information corruption, there are two ways to recover the information. In the first, the recipient is notified that the information has been modified,
The non-repudiation service protects the user if another user, with whom he established a connection, denies that this occurred. According to the service provision scenario, we can talk about:
a) Non-repudiation of origin
Used in case of disagreement on whether a certain message was originated by one of the parties or on the date on which it was produced.
b) Non-repudiation of receipt
Used in case of disagreement about whether a certain message was received or about the date on which reception occurred.
Hi, I am working with avanturebytes to stop cybercrimes.