원문정보
초록
영어
One of the most important components in information systems security is the Access Control policy. In order to ensure the best Access Control policy, it is mandatory to proceed to a modeling phase that respects a set of indications and criteria of a predefined model. There exists several Access Control models, each with a specific contribution. This paper exposes the results found through a SWOT analysis on the well-known models, and presents the advantages and drawbacks of each model. Then, a comparative table between these models is elaborated, in order to get an overview on the types of problems encountered in Access Control and discover the common vulnerabilities between its models. The discovering of the covert channels is among the main results of this study.
목차
1. Introduction
2. The DAC Model (Discretionary Access Control)
2.1. Introduction
2.2. The Lampson Model
2.3. The HRU Model
2.4. Problems Raised from DAC Model
3. The MAC model (Mandatory Access Control)
3.1. Introduction
3.2. The Bell-LaPadula Model (BLP)
3.3. The Biba Model
3.4. Problems Raised from MAC Model
4. The RBAC model (Role-Based Access Control)
4.1. Introduction
4.2. The RBAC0 Model (Core RBAC)
4.3. The RBAC1 model (The Hierarchy Role)
4.4. The RBAC2 model (The Constraints)
4.5. The RBAC3 Model
4.6. Problems Raised from RBAC Model
5. SWOT Analysis of Access Control Models
6. Conclusion
References