Security Management Access Control System
Abstract : This paper deals with Access control constrains what a user can do directly, as well as what programs executing on behalf of the users are allowed to do. In this way access control seeks to prevent activity that could lead to a breach of security. This article explains access control and its relationship to other security services such as authentication, auditing. And administration. It then reviews the access matrix model, and follows with a discussion of access control policies characterize and describe what should be protected and how.
? We provide a taxonomy of various existing schemes based on the defining scope of an identity and discuss the benefits and Umitations of each.
? A new process that is initiated by an existing process can be forced to inherit the authenticated identity of the parent user process.
? Access control is decided over an existing security context and a controlled resource.
? This approach can be implemented to leverage existing system or network wide access-control mechanisms.
? The ushering of the Web computing era is increasingly accepted due in large part to the fact that it builds on existing computing infrastructures.
? Security is the most important issue in the information system.
? Responding to the problem of a large number of definitions of access rights of the large number of objects and subjects.
? The Mandatory Access Control (MAC) policies are known to be defined to prevent the Trojan Horse problem.
? The control program typically executes in supervisor state while user programs always execute in the problem-program state.
? The public-key establishment problem relates to trust in the binding that exists between a subject and a public key.
• It specifies what data is to be exchanged, the protection mechanisms to be used for the exchange, and any policies that govern the automatic propagation of those attributes for synchronization purposes.
• The simplistic information model of PGP certificates is intended for the main purpose of securing email exchanges.
• This attribute identifies an identity that can be used by the AC holder for charging purposes.
• They can serve many purposes from the basic functions of keeping track of the display mode that a user selects (e.g., graphic frames or text only) to representing the current state of a shopping cart for a Web store buyer.
? It is widely used not only in abstract definition of the security requirements for the system, hut also in system design and implementation the purpose of access control is to limit the actions or operations that a legitimate user of a computer system can perform.
? Protecting computing resources from extreme degradation of performance or from deliberate denial of service takes priority over the enforcement of any access-control policy.
? The complexity of a federation formed by a hybrid configuration may directly affect the performance of constructing a trust path.
? When multiple registries are used, consistency and synchronization of identity attributes became a necessity.
|