Access control (also called protection or authorization) is a security function that protects shared resources against unauthorized accesses. The distinction between authorized and unauthorized accesses is made according to an access control policy. The resources which are protected by access control are usually referred to as objects, whereas the entities whose accesses are regulated are called subjects. A subject is an active system entity running on behalf of a human user, typically a process. It is not to be confused with the actual user.
Access control is employed to enforce security requirements such as confidentiality and integrity of data resources (e.g., files, database tables), to prevent the unauthorized use of resources (e.g., programs, processor time, expensive devices), or to prevent denial of service to legitimate users. Practical examples of security violations that can be prevented by enforcing access control policies are: a journalist reading a politician's medical...
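The subject/object/policy model described above, as an added example that is not part of the encyclopedia entry: a minimal reference monitor in Python that represents the policy as an access matrix (rows are subjects, columns are objects, cells are granted rights), treats each subject as a process acting on behalf of a user rather than the user itself, and records every denied request for later detection. The object name, user names and process ids are constructed sample values.

```python
from dataclasses import dataclass, field
from enum import Flag, auto


class Right(Flag):
    """Access rights that a policy can grant on an object."""
    READ = auto()
    WRITE = auto()
    EXECUTE = auto()


@dataclass(frozen=True)
class Subject:
    """An active entity (a process) running on behalf of a user; distinct from the user."""
    pid: int
    user: str


@dataclass
class AccessMatrix:
    """The access control policy plus an audit trail of denied accesses."""
    rights: dict = field(default_factory=dict)   # (subject, object) -> Right
    denied: list = field(default_factory=list)   # (subject, object, requested Right)

    def grant(self, subject: Subject, obj: str, right: Right) -> None:
        self.rights[(subject, obj)] = self.rights.get((subject, obj), Right(0)) | right

    def check(self, subject: Subject, obj: str, right: Right) -> bool:
        """Reference-monitor decision: allow only if every requested right is in the cell."""
        granted = self.rights.get((subject, obj), Right(0))
        allowed = (granted & right) == right
        if not allowed:
            self.denied.append((subject, obj, right))  # unauthorized access, kept for auditing
        return allowed


def demo() -> dict:
    """Two processes of the same user hold different rights; a third user holds none."""
    policy = AccessMatrix()
    editor = Subject(pid=100, user="alice")      # constructed sample subjects
    viewer = Subject(pid=200, user="alice")
    outsider = Subject(pid=300, user="mallory")
    policy.grant(editor, "records.db", Right.READ | Right.WRITE)
    policy.grant(viewer, "records.db", Right.READ)
    return {
        "editor_write": policy.check(editor, "records.db", Right.WRITE),    # True
        "viewer_write": policy.check(viewer, "records.db", Right.WRITE),    # False
        "outsider_read": policy.check(outsider, "records.db", Right.READ),  # False
        "denied_count": len(policy.denied),                                 # 2
    }
```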
© 2005 International Federation for Information Processing
Brose, G. (2005). Access Control. In: van Tilborg, H.C.A. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA . https://doi.org/10.1007/0-387-23483-7_3
Print ISBN: 978-0-387-23473-1
Online ISBN: 978-0-387-23483-0