Categories
Cybersecurity

IAAA

To grant the triad CIA we must adopt IAAA: Identification, Authentication Authorization and Accountability to avoid the nonrepudiation.

  1. Identification: includes all steps act to verify the identity of a user (ID card or Passport, Badge), process, or device, usually as a prerequisite for granting access to resources in an IT system
  2. Authentication: is the act of verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system. The process of verifying the identity or other attributes claimed by or assumed of an entity (user, process, or device), or to verify the source and integrity of data.

Multifactor Authentication consists in

  • What you know: answering to question whose only you know the answer
  • What you have: Token or OTP or RFID
  • Who you are: Biometric
  1. Authorization Access privileges granted to a user, program, or process or the act of granting those privileges.
  2. Accountability: is the security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action.

    Access Control List

ACL is the process of granting or denying specific requests to obtain and use information and related information processing services applying a register of:

  • users (including groups, machines, processes) who have been given permission to use a particular system resource, and
  • the types of access they have been permitted.

Following are the main methodologies applied.

  MAC DAC RBAC RuBAC

  • MAC (Mandatory Access Control) supports a security requirement of confidentiality more so than the others.
  • DAC (Discretionary Access Control) supports the security requirement of availability more so than the others.
  • RBAC (Role Based Access Control) supports the security requirement of integrity more so than the others.
  • RuBAC (Rule Based Access Control) access is allowed or denied to resource objects based on a set of rules defined by a system administrator. As with Discretionary Access Control, access properties are stored in Access Control Lists (ACL) associated with each resource object. When a particular account or group attempts to access a resource, the operating system checks the rules contained in the ACL for that object. As with MAC, access control cannot be changed by users. All access permissions are controlled only by the system administrator.

 

Post Views: 601
Cybersecurity
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.