Discretionary Access Control
Gives total control to owner
Security totally depended on owners wish and practices
Mandatory Access Control
Restricts the ability of owners to grant or deny access
Rules are defined by system administrator and enforced by OS
Considered most secure
Role based access control
assigning permissions to users based on role within organisation
Simple , manageable and roll based responsibilities
Check CIA_Triad!
Invented by Kenneth J. Biba Used to maintain Integrity Data and subjects grouped into ordered levels Read and write on own level No read down No write up
3 Integrity Rules:
- SIMPLE INTEGRITY RULE: NO READ DOWN
- STAR INTEGRITY RULE: NO WRITE-UP
- STRONG STAR INTEGRITY RULE : NO READ WRITE UP DOWN
Invented by David Elliot Bell and Leonard J. LaPadula Used to maintain Confidentiality Read and write on own level No read up No write down
3 Confidentiality Rules:
- SIMPLE CONFIDENTIALITY RULE: NO READ UP
- STAR CONFIDENTIALITY RULE: **NO WRITE DOWN **
- STRONG STAR CONFIDENTIALITY RULE: NO READ WRITE UP DOWN
- Lecture notes from IT Infra
- DAC
- MAC
- geekforgeeks