Access Control Type Explained

Access control is a mechanism that controls who can access securable objects and what actions they can perform on them. A securable object is an object whose access can be defined, controlled, and monitored by the operating system.

An operating system uses access control to define the following:

  • How users, services, and applications can interact with the operating system
  • What a specific user, group member, or application can do when interacting with the operating system
  • How users can access a file or directory and what they can do after accessing it
  • How users can use and access the operating system and its services
  • Who is allowed to access specific data, apps, and resources, and in what circumstances

Access control keeps confidential data and information secure. On an operating system, it secures the following objects.

  • Kernel objects such as processes, threads, mutexes, jobs, named pipes, semaphores, events, and access tokens
  • File system objects such as files and directories
  • Installed services
  • Printers and print jobs
  • Registry keys
  • Shared folders and devices

Access control types

There are four types of access control: DAC, MAC, RBAC, and ABAC. Each defines a unique way to secure objects. Administrators can select and implement any model based on their requirements.

DAC (Discretionary access control)

This model is user-centric. In this model, users are responsible for defining access rules for their objects. Every object has an owner. Owners define access rules for their objects at their discretion.

MAC (Mandatory access control)

In this model, a central authority defines, monitors, and regulates access rules for all users in the organization. Usually, the authority categorizes access rules into tiers. This model is mainly used in government and military contexts.

RBAC (Role-based access control)

In this model, access rules are defined based on business requirements. The main objective of this model is to provide users only what they need to perform their jobs.

ABAC (Attribute-based access control)

In this model, access rules are defined based on a combination of attributes and environmental conditions, such as location and time. This is the most complex and granular access control model. It is mainly used in computer networks.
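The following added example (not from the original page) evaluates one request under all four models so their decisions can be compared side by side. The users, the payroll.db object, the roles, the tier numbers, and the ABAC rule are constructed for illustration, and the MAC rule is a simplified tier comparison.

```python
# Added example: users, objects, roles and rules are constructed for illustration.
from dataclasses import dataclass, field

@dataclass
class User:
    name: str
    clearance: int = 0                          # MAC: tier set by the central authority
    roles: set = field(default_factory=set)     # RBAC: job roles
    attrs: dict = field(default_factory=dict)   # ABAC: user attributes

@dataclass
class Resource:
    name: str
    owner: str
    acl: dict = field(default_factory=dict)     # DAC: {user name: allowed actions}
    label: int = 0                              # MAC: tier of the object
    attrs: dict = field(default_factory=dict)   # ABAC: object attributes

# RBAC: permissions hang off roles, not individual users.
ROLE_PERMS = {"auditor": {("payroll.db", "read")},
              "payroll_clerk": {("payroll.db", "read"), ("payroll.db", "write")}}

def dac_allows(user, res, action):
    # The owner has full control and grants others access through the ACL.
    return user.name == res.owner or action in res.acl.get(user.name, set())

def mac_allows(user, res, action):
    # Simplified tier rule (assumption): clearance must reach the object's label.
    return user.clearance >= res.label

def rbac_allows(user, res, action):
    return any((res.name, action) in ROLE_PERMS.get(r, set()) for r in user.roles)

def abac_allows(user, res, action, env):
    # Attributes plus environment: same department, on site, during office hours.
    return (user.attrs.get("dept") == res.attrs.get("dept")
            and env.get("location") == "office" and 9 <= env.get("hour", -1) < 17)

def evaluate(user, res, action, env):
    """Return each model's decision for one request."""
    return {"DAC": dac_allows(user, res, action), "MAC": mac_allows(user, res, action),
            "RBAC": rbac_allows(user, res, action), "ABAC": abac_allows(user, res, action, env)}

payroll = Resource("payroll.db", owner="alice", acl={"bob": {"read"}}, label=2,
                   attrs={"dept": "finance"})
bob = User("bob", clearance=1, roles={"auditor"}, attrs={"dept": "finance"})

if __name__ == "__main__":
    for action, hour in (("read", 22), ("read", 10), ("write", 10)):
        print(action, hour, evaluate(bob, payroll, action, {"location": "office", "hour": hour}))
```

The same read request is allowed by the owner's ACL and by the auditor role, but denied by the tier rule and, outside office hours, by the attribute rule.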

How access control works

Access control uses credentials to identify users. Passwords, PINs, security tokens, and biometric scans are commonly used credentials.

Credentials can be categorized into two types: single-factor and multifactor. In single-factor authentication, the user needs to authenticate only one time. In multifactor authentication, the user needs to authenticate two or more times. After authorization, access control provides appropriate access to the user on the protected object.

Usually, an administrator or owner defines access control rules for objects. If access control rules are associated with users, files, and directories, they are known as access rights, access privileges, trustee rights, or permissions. If they are associated with files and directories, they are known as attributes or flags.
