Access control is a security measure that gives administrators the ability to allow or deny access to resources and data. Access control follows authentication; once the user’s identity is established, access control measures of various types determine what actions the user can perform on a given resource. Access control is synonymous with authorization.
Figure: Access control.
User Account Types
Windows® includes several built-in user accounts to provide you with initial access to the computer.
Administrator: Complete administrative access to the computer. This is the most powerful account on the computer and should be protected with a strong password. In the highest security applications, you might also consider renaming the account.
Power Users: Power Users have more authorization than standard non-privileged users, but not as much as administrators. They may be able to install most software and updates, but will be restricted from making changes that affect security or the core operating system.
Standard user: This account enables users to use most of the computing software on the computer. However, higher permission is required to uninstall or install software and hardware. This account also limits the configuration of security settings, operational settings, and deletion of necessary system files. This may also be referred to as a non-privileged user.
Guest: Limited computer access to persons without a logon user account. By default, the Guest account is disabled when you install the operating system. You enable this account only if you want to permit users to log on as Guest.
Windows includes built-in group accounts that you can use to control basic system security.
Administrators: Perform all administrative tasks on the computer. Default Members: Administrator. If you create an account during installation of Windows, it is added to this group.
Guests: Perform any tasks for which the group has permissions. Default Members: Guest.
Power Users (available on Windows® XP): Run pre-Windows® 2000 applications, modify some system-wide settings (such as the time), install some programs, and manage some local accounts. Default Members: None.
Users: Run applications and perform other day-to-day computer tasks. Perform any task for which the group has been granted permissions. Default Members: None.
Access Control Measures
There are three primary methods for managing access control.
Mandatory Access Control (MAC):
In MAC, access is controlled by comparing an object’s security designation and a user’s security clearance. Objects, such as files and other resources, are assigned security labels of varying levels, depending on the object’s sensitivity. Users are assigned a security level or clearance, and when they try to access an object, their clearance level must correspond to the object’s security level. If there is a match, the user can access the object; if there is no match, the user is denied access. MAC security labels can generally be changed only by a system administrator and not by the object’s owner. MAC is highly secure but is not widely implemented because it is not as easy to administer as other authorization methods.
Discretionary Access Control (DAC):
In DAC, access to each object is controlled on a customized basis based on a user’s identity. Objects are configured with an Access Control List (ACL) of subjects (users or other entities) who are allowed access to them. An administrator has the discretion to place the user on the list or not, and to configure a particular level of access. If a user is on the list, the user is granted access at the assigned level; if the user is not on the list, access is denied. Unlike MAC, in a DAC authorization scheme, object owners can generally modify their objects’ access control lists.
Role-based Access Control (RBAC):
In RBAC, users are assigned to pre-defined roles, and network objects are configured to allow access only to specific roles. Roles are created independently of user accounts. Access is controlled based on a user’s assigned role. A user might have more than one role assigned to him at one time or might switch from one role to another over the course of his employment. An administrator can assign to a role only those privileges users in the role need to complete their work.
Security classification refers to the levels of security and access to data. The military and government use a type of MAC access control to secure data. The privilege classifications typically used are “top secret,” “secret,” “confidential,” and “unclassified.”
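The following is an added example and is not code from the course material above. It models the three methods just described (MAC, DAC and RBAC) side by side, using the military classification levels from the preceding paragraph as the MAC labels, so that the way each method reaches an allow/deny decision can be compared. All users, objects, ACL entries, roles and permission names are constructed sample data; the rule that a clearance must be at least as high as the label (rather than exactly equal) is an assumption made here.

```python
"""Added example, not code from the course page: tiny models of the three
access control methods (MAC, DAC, RBAC) so that the way each one reaches an
allow/deny decision can be compared. All users, labels, ACL entries, roles and
permissions below are constructed sample data."""
from dataclasses import dataclass, field

# ---- Mandatory Access Control: security label vs. security clearance ----
# Ordered classification levels, as used by military and government systems.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


def mac_allows(clearance: str, label: str) -> bool:
    """Read access under MAC: the subject's clearance must be at least the
    object's label. (The text speaks of a 'match'; requiring the clearance to
    dominate the label is the usual reading and is an assumption here.)
    Labels are fixed by the administrator, so no owner is consulted."""
    return LEVELS[clearance] >= LEVELS[label]


# ---- Discretionary Access Control: per-object ACL, editable by the owner ----
@dataclass
class DacObject:
    name: str
    owner: str
    acl: dict = field(default_factory=dict)  # subject -> set of permissions


def dac_allows(obj: DacObject, subject: str, permission: str) -> bool:
    """Granted only if the subject is on the object's ACL with that permission."""
    return permission in obj.acl.get(subject, set())


def dac_grant(obj: DacObject, actor: str, subject: str, permission: str) -> None:
    """The object's owner (or an administrator) may edit the ACL; anyone else
    is refused. This owner discretion is exactly what MAC does not allow."""
    if actor not in (obj.owner, "Administrator"):
        raise PermissionError(f"{actor} may not change the ACL of {obj.name}")
    obj.acl.setdefault(subject, set()).add(permission)


# ---- Role-Based Access Control: permissions attach to roles, users to roles ----
ROLE_PERMISSIONS = {
    "clerk": {"ledger:read"},
    "auditor": {"ledger:read", "audit-log:read"},
    "manager": {"ledger:read", "payment:approve"},
}
# A user may hold more than one role at a time (bob holds two).
USER_ROLES = {"alice": {"clerk"}, "bob": {"clerk", "manager"}, "carol": {"auditor"}}


def rbac_allows(user: str, permission: str) -> bool:
    """Granted if any role the user currently holds carries the permission."""
    return any(permission in ROLE_PERMISSIONS[role] for role in USER_ROLES.get(user, ()))


def demo() -> dict:
    """Run one decision of each kind on the sample data and return the outcomes."""
    report = DacObject("q3-report.docx", owner="alice")
    dac_grant(report, actor="alice", subject="bob", permission="read")
    try:
        dac_grant(report, actor="bob", subject="mallory", permission="read")
        non_owner_edited_acl = True
    except PermissionError:
        non_owner_edited_acl = False
    return {
        "mac_secret_reads_confidential": mac_allows("secret", "confidential"),
        "mac_confidential_reads_secret": mac_allows("confidential", "secret"),
        "dac_bob_reads_report": dac_allows(report, "bob", "read"),
        "dac_mallory_reads_report": dac_allows(report, "mallory", "read"),
        "dac_non_owner_edited_acl": non_owner_edited_acl,
        "rbac_bob_approves_payment": rbac_allows("bob", "payment:approve"),
        "rbac_alice_approves_payment": rbac_allows("alice", "payment:approve"),
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check:32} {'ALLOW' if outcome else 'DENY'}")
```

Note how the three functions differ in what they consult: `mac_allows` looks only at two administrator-set levels, `dac_allows` looks at a list the owner controls, and `rbac_allows` never looks at the user directly, only at the roles the user has been placed in.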
Role Set-Based Access Control
Another form of access control is called Role Set-Based Access Control (RSBAC). In this system, privileges are determined by roles, but the roles are dynamically assigned at the time access is requested, based on policies and rules determined by the administrator. You might see this system referred to as Rule-Based Access Control; do not confuse it with Role-Based Access Control, although both are abbreviated RBAC.
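The following is an added example, not code from the course material, showing the distinguishing feature of the rule-based scheme described above: the user's roles are not stored on the account but derived at the moment of the request from administrator-defined rules over the request context (department, network location, time of day). The departments, rules, business hours and permission names are all constructed sample data.

```python
"""Added example, not from the course page: a rule-based access control check in
which roles are assigned dynamically, at request time, by evaluating
administrator-defined rules against the request context. All departments,
rules, hours and permissions are constructed sample data."""
from dataclasses import dataclass
from datetime import datetime, time
from typing import Callable, Optional

ROLE_PERMISSIONS = {
    "clerk": {"ledger:read"},
    "manager": {"ledger:read", "payment:approve"},
    "emergency-operator": {"ledger:read", "system:restart"},
}

BUSINESS_START, BUSINESS_END = time(8, 0), time(18, 0)


@dataclass(frozen=True)
class Request:
    user: str
    department: str
    on_site: bool       # connected from the office network?
    when: datetime
    permission: str


Rule = Callable[[Request], Optional[str]]   # each rule yields a role name or None


def during_business_hours(req: Request) -> bool:
    return BUSINESS_START <= req.when.time() < BUSINESS_END


def business_hours_clerk(req: Request) -> Optional[str]:
    """Finance staff act as clerks, but only during business hours."""
    if req.department == "finance" and during_business_hours(req):
        return "clerk"
    return None


def on_site_manager(req: Request) -> Optional[str]:
    """Finance managers hold the manager role only from the office network."""
    if req.department == "finance-management" and req.on_site:
        return "manager"
    return None


def after_hours_operator(req: Request) -> Optional[str]:
    """Operations staff gain the emergency role outside business hours."""
    if req.department == "operations" and not during_business_hours(req):
        return "emergency-operator"
    return None


RULES: list = [business_hours_clerk, on_site_manager, after_hours_operator]


def resolve_roles(req: Request) -> set:
    """Roles are assigned dynamically: evaluate every rule against this request.
    Nothing is stored per user; change the rules and the roles change."""
    return {role for role in (rule(req) for rule in RULES) if role is not None}


def rule_based_allows(req: Request) -> bool:
    """Permission check is role-based; only the role assignment is rule-driven."""
    return any(req.permission in ROLE_PERMISSIONS[role] for role in resolve_roles(req))


def make_request(user: str, department: str, on_site: bool, hour: int, permission: str) -> Request:
    """Builds a request on an arbitrary fixed date so callers need only give the hour."""
    return Request(user, department, on_site, datetime(2024, 1, 15, hour, 0), permission)


if __name__ == "__main__":
    samples = [
        make_request("dana", "finance", False, 10, "ledger:read"),
        make_request("dana", "finance", False, 22, "ledger:read"),
        make_request("eve", "finance-management", True, 10, "payment:approve"),
        make_request("eve", "finance-management", False, 10, "payment:approve"),
        make_request("oscar", "operations", True, 2, "system:restart"),
    ]
    for req in samples:
        print(f"{req.user:6} {req.when:%H:%M} on_site={req.on_site!s:5} "
              f"roles={sorted(resolve_roles(req))} -> "
              f"{'ALLOW' if rule_based_allows(req) else 'DENY'} {req.permission}")
```

Compare this with static RBAC: the same user with the same request can be allowed at 10:00 and denied at 22:00, because the clerk role exists for them only while the rule matches.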