Access control includes authentication, authorization and audit. It also includes measures such as physical devices, including biometric scans and metal locks, hidden paths, digital signatures, encryption, social barriers, and monitoring by automated systems.
In any access control model, the entities that can perform actions in the system are called subjects, and the entities representing resources to which access may need to be controlled are called objects. Subjects and objects both are considered as software entities and as human users. Systems equate subjects with user IDs, so that all processes started by a user by default have the same authority.
In some models, any software entity can potentially act as both a subject and object.
Access control models used by current systems tend to fall into one of two classes:
those based on capabilities and those based on access control lists (ACLs).
In a capability-based model, holding an unforgivable reference or capability to an object provides access to the object (roughly analogous to how possession of your house key grants you access to your house); access is conveyed to another party by transmitting such a capability over a secure channel.
In an ACL-based model, a subject's access to an object depends on whether its identity is on a list associated with the object (roughly analogous to how a bouncer at a private party would check your ID to see if your name is on the guest list); access is conveyed by editing the list. Both capability-based and ACL-based models have mechanisms to allow access rights to be granted to all members of a group of subjects (often the group is itself modeled as a subject).
In any access control model, the entities that can perform actions in the system are called subjects, and the entities representing resources to which access may need to be controlled are called objects. Subjects and objects both are considered as software entities and as human users. Systems equate subjects with user IDs, so that all processes started by a user by default have the same authority.
In some models, any software entity can potentially act as both a subject and object.
Access control models used by current systems tend to fall into one of two classes:
those based on capabilities and those based on access control lists (ACLs).
In a capability-based model, holding an unforgivable reference or capability to an object provides access to the object (roughly analogous to how possession of your house key grants you access to your house); access is conveyed to another party by transmitting such a capability over a secure channel.
In an ACL-based model, a subject's access to an object depends on whether its identity is on a list associated with the object (roughly analogous to how a bouncer at a private party would check your ID to see if your name is on the guest list); access is conveyed by editing the list. Both capability-based and ACL-based models have mechanisms to allow access rights to be granted to all members of a group of subjects (often the group is itself modeled as a subject).
The reasons for controlling access - to prevent unauthorized access of someone that may steal or damage property or harm people - is just the beginning of the rational that justifies the expense of an access control system. Improving productivity of employees and limiting exposure to liability are two additional reasons that these systems are commonly deployed.
Good Info regarding RFID...Thanks
ReplyDeleteNice information regarding security systems...
ReplyDelete