Security Architecture Models - Graham Denning Access Control Model
ฝัง
- เผยแพร่เมื่อ 14 พ.ค. 2020
- Security Architecture Models - Graham Denning Access Control Model. Organization’s data is a very important asset. Now the question arises are
Who should access your company’s data? How do you make sure those who attempt access the data, have actually been granted that access?
Under which circumstances, do you deny access to a user with access privileges?
To effectively protect your data, your organization’s access control policy must address these questions. Access control is important for organizations that faces the challenges security professionals can face.
Hence, Access control is a method of making sure that, those who are accessing the data, have the appropriate access permissions such as read, write or modify the company’s data.
A security model that addresses the access control is Graham Denning Model.
The Graham-Denning model primarily concerns itself with
how users and objects are created?
how the privileges are assigned?
how ownership of objects is managed?
how we can delete subjects and objects securely?
The Graham-Denning Model is based on three parts:
objects
subjects
rules
It provides a more granular approach for interaction between subjects and objects.
In this model, Subject means User, Object means Documents or Application. This model defines 8 golden rules
This model defines eight protection rights and they are said to be eight golden rules.
Rule number one is Create Object. It allows the commanding subject to introduce a new object to the system.
Rule number two is create subject.
Rule number three is delete an object.
Rule number four is delete a subject. All these three rules have the similar effect of creating and destroying a subject or object.
Rule number five is read access to an object. It allows a subject to determine the current access rights of a subject to an object.
Rule number six defines grant access to an object. It allows the owner of an object to convey any access rights for an object to another subject. Here passing of access rights from one subject to another.
Rule number seven is delete access to an object. It allows a subject to delete a right of another subject for an object.
The last rule is Transfer of Access right. It allows a subject to transfer one of its rights for an object to another subject.
These set of rules provides the properties necessary to model the access control mechanisms to protect a system. - วิทยาศาสตร์และเทคโนโลยี
very well explanation
Explain the concepts rather than just reading the contents in textbook.