In any given social network, the number of users might be significant, the number of resources that must be protected might be in millions, and hence the number of access control policies that need to be defined might be in billions. If only one permission is incorrectly granted, a user will be given unsupervised access to information and resources which could jeopardize the security of the entire given social network.
Presently, security of information is an indispensable responsibility for all media keeping and sharing information with others. In practice, all applications employ access control methods to protect their information. Access control identifies activities of legal users and governs every attempt performed by these users to
…show more content…
Hence, the following metrics are classified based upon the four categories mentioned above:
1. Ability to combine several related rules. The PBAAC decision engine is able to collect different access control rules, consolidate similar rules and derive a result under the specified condition. These rules can be defined by the controlling user, the target user, and the supervisor of the social network.
2. Ability to combine access control models. Under our approach, two access control models are combined, namely ABAC and PBAC models. By using the ABAC model, access constraints will be defined for each entity, and by using PBAC, policies enforcing access to a resource will be defined. Under our model, policies will be defined by controlling user, the target user, or the supervisor of the social network.
3. Ability to enforce the least privilege principle. Our model includes an entity as supervisor who is the administrator of the social network. The minimum privilege principle will be provided by rules defined by the supervisor. Our model accepts new users with various associated attributes. In order to access control mechanisms supporting the principle of the least privilege, constraints are placed on the attributes belonging to a user.
4. Ability to resolve conflict rules. Rule
- Better Essays
IS3230 Final Project Chris Wiginton Essay
- 1353 Words
- 6 Pages
Formal user access control procedures must be documented, implemented and kept up to date for each application and information system to ensure authorised user access and to prevent unauthorised access. They must cover all stages of the lifecycle of user access, from the initial registration of new users to the final de-registration of users who no longer require access. These must be agreed by IDI. User access rights must be reviewed at regular intervals to ensure that the appropriate rights are still allocated. System administration accounts must only be provided to users that are required to perform system administration tasks.
- 1353 Words
- 6 Pages
Better Essays - Decent Essays
IS3230 Access Security Final Project Essay
- 995 Words
- 4 Pages
• Prepare a 5 to 10 minute PowerPoint assisted presentation on important access control infrastructure, and
- 995 Words
- 4 Pages
Decent Essays - Decent Essays
Nt1330 Unit 3 Exercise 1
- 1210 Words
- 5 Pages
Access control refers to the mechanisms that identify who can and cannot access a network, resource, application, specific action.
- 1210 Words
- 5 Pages
Decent Essays - Good Essays
It 244 Appendix F Essay
- 890 Words
- 4 Pages
Discretionary access control means only certain permitted users are allowed access to specific things. However, someone with permitted access can let another user use their access. The least privilege principal is where access is only granted to certain systems and certain data that is needed to do the users job. Sometimes temporary access is given to data that is required to access random jobs or to see what that user is doing. When this happens, the access is only temporary, it is imperative to uphold the principal of least privilege to ensure that user does not have access to the data when the job finished.
- 890 Words
- 4 Pages
Good Essays - Decent Essays
Nt2580 Unit 7 Chapter 12
- 769 Words
- 4 Pages
C1 - Discretionary Security Protection: In this sub division Access Control Lists (ACLs) security which protect User/Group/World. Security will protect following Users who are all on the same security level, Username and Password protection and secure authorisations database (ADB), Protected operating system and system operations mode, Periodic integrity checking of TCB, Tested security mechanisms with no obvious bypasses, Documentation for User Security, Documentation for Systems Administration Security, Documentation for Security Testing, TCB design documentation and Typically for users on the same security level.
- 769 Words
- 4 Pages
Decent Essays - Satisfactory Essays
Unit 7 Spiekermann And Cranor
- 160 Words
- 1 Pages
Spiekermann and Cranor [Spiekermann2009] mention three spheres of privacy control based on access to data; the user sphere includes data on devices that are entirely under the user’s control, the recipient sphere includes service servers entirely under the control of a service provider where the user has no access and the joint sphere where users store data on recipients’ servers where both users and data recipients have access to data (such as email, file hosting services, social networks). Users can control the information flow from the user sphere to the other spheres with appropriate and intelligent access control mechanisms. Information processing and sharing in the recipient and joint spheres must be performed according to privacy policies
- 160 Words
- 1 Pages
Satisfactory Essays - Better Essays
CIS 210 - Access Control System Essay
- 1217 Words
- 5 Pages
mandatory and discretionary access control policies. ACM Transactions on Information and System Security, Vol. 3, No. 2.
- 1217 Words
- 5 Pages
Better Essays - Decent Essays
Credential Access Control System
- 381 Words
- 2 Pages
Access control system is a system designed to control entry to prevent intruders into selected areas and manage movement of people/vehicles within. Its purpose is to increase security by determining who, when and where are they allowed to enter or exit.
- 381 Words
- 2 Pages
Decent Essays - Good Essays
Through Office Of Grants Giveaway (HBWC)
- 1559 Words
- 7 Pages
The organization has a security objective of protecting the database from being altered. Since the data is held in the system, there are regulations that have been set to the users, and there are also limits to the functions that each user performs. In this case, there are three categories of users each with clearly defined responsibilities. For instance, the administration team has been given full control of the application in that they can even alter codes and perform any variations to the database objects. The other groups of users are the executives; these have the ability to access all the information
- 1559 Words
- 7 Pages
Good Essays - Satisfactory Essays
Policy Enforcement Point (Enforce PEP)
- 128 Words
- 1 Pages
Policy Enforcement Point (PEP) is the system entity that controls access in accordance to a policy, by making requests to a PDP and enforcing the decision which is the result of evaluating a set of XACML policies to "Sanction", "Gainsay", "Indeterminate", or "Not Applicable". PEP was enhanced to handle session management and to enforce Conditional Active Session Access (CASA).
- 128 Words
- 1 Pages
Satisfactory Essays - Decent Essays
Summary: Mandatory Access Controls
- 1247 Words
- 5 Pages
This week the company’s Chief Security Officer (CSO) tasked the IT security and audit group with auditing the company’s current IT system configuration policy and system settings with an emphasis on access control configurations. In a multiple user environment, such as our company and its various business units it is important that the appropriate access restrictions enforce the least privilege model to ensure that employees can only access the data needed for their particular job functions and roles. Without these security configurations and access controls in place, it could be possible for employees to access corporate or customer information when they do not have a valid need. Our security audit will require a detailed analysis of the
- 1247 Words
- 5 Pages
Decent Essays - Decent Essays
Role Based Access Control (RBAC)
- 510 Words
- 2 Pages
Role based access control is an ideology through which access to systems is restricted based on authority given. It is used by organizations with a relatively large number of employees ranging from five hundred to one thousand and above (Sieunarine & University of Oxford, 2011). This is implemented through the mandatory access control or through the discretionary access control. These are the only two ways through which role based access control can be implemented.
- 510 Words
- 2 Pages
Decent Essays - Better Essays
Access Controls And Access Control Security Essay
- 1253 Words
- 6 Pages
As the use of computers, databases, and technology in general, security has grown to be a powerful tool that has to be used. The threat of outside sources intruding and exploiting crucial information is a threat that is present on a daily basis. As a part of creating and implementing a security policy, a user must consider access control. Access Control is a security tool that is used to control who can use or gain access to the protected technology. Access control security includes two levels; logical and physical. Though database intrusions can happen at any moment, access control provides another security barrier that is needed.
- 1253 Words
- 6 Pages
Better Essays - Better Essays
Questions On Information Security System
- 1271 Words
- 6 Pages
Confidentiality: Access controls help ensure that only authorized subjects can access objects. When unauthorized entities are able to access systems or data, it results in a loss of confidentiality.
- 1271 Words
- 6 Pages
Better Essays - Decent Essays
Triple DES Model
- 8729 Words
- 35 Pages
Access matrix model: Provides object access rights (read/write/execute, or R/W/X) to subjects in a discretionary access control (DAC) system. An access
- 8729 Words
- 35 Pages
Decent Essays