
Security Patterns in Practice: Designing Secure Architectures Using Software Patterns by Eduardo Fernandez-Buglioni

CHAPTER 6

Patterns for Access Control

With the Berlin (defense) I was able to set up a fortress that he could come near but not breach.

Vladimir Kramnik (ex-world chess champion)

6.1 Introduction

Once a subject has been granted access to a system, we need to control their access to specific resources. The rights of the subjects of the system are defined using some model of access control and expressed in the form of authorization rules. Security models are a more precise and detailed expression of policies and are used as guidelines to build and evaluate systems; they are usually described in a formal or semi-formal way.

Models can be discretionary or mandatory. In a discretionary access control (DAC) model, users can be owners of data and can transfer their rights at their discretion: that is, in a DAC model, there is no clear separation of use and administration; users can be owners of the data they create and act as their administrators. In a mandatory access control (MAC) model, only designated users are allowed to grant rights, and users cannot transfer them. Users and data are classified by administrators, and the system applies a set of built-in rules that users cannot circumvent.
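
The contrast between the two models can be made concrete in code. The following is an added example, not taken from the book: the class names, users, and levels are constructed, and the "clearance must be at least the label" read check is an assumed stand-in for the built-in rules a MAC system applies.

```python
# Added illustration; names, users and levels are constructed for the example.
from dataclasses import dataclass, field

LEVELS = {"public": 0, "confidential": 1, "secret": 2}  # assumed ordering


@dataclass
class DacObject:
    """DAC: the creator owns the object and acts as its administrator."""
    owner: str
    acl: dict = field(default_factory=dict)  # user -> set of rights

    def __post_init__(self):
        self.acl[self.owner] = {"read", "write", "grant"}

    def grant(self, grantor, user, right):
        # Any holder of "grant" may pass on a right they hold, at their discretion.
        held = self.acl.get(grantor, set())
        if "grant" not in held or right not in held:
            raise PermissionError(f"{grantor} cannot grant {right}")
        self.acl.setdefault(user, set()).add(right)

    def check(self, user, right):
        return right in self.acl.get(user, set())


class MacSystem:
    """MAC: only designated administrators classify users and data."""

    def __init__(self, admins):
        self.admins = frozenset(admins)
        self.tables = {"clearance": {}, "label": {}}  # name -> numeric level

    def classify(self, actor, table, name, level):
        # Use and administration are separated: ordinary users cannot relabel.
        if actor not in self.admins:
            raise PermissionError(f"{actor} is not an administrator")
        self.tables[table][name] = LEVELS[level]

    def can_read(self, user, obj):
        # Assumed built-in rule; unclassified users or objects are denied.
        clearance = self.tables["clearance"].get(user)
        label = self.tables["label"].get(obj)
        if clearance is None or label is None:
            return False
        return clearance >= label
```

In the DAC class a right spreads as far as its holders choose to pass it; in the MAC class no user action changes the outcome of `can_read`, only an administrator's classification does.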

Orthogonal to this classification, there are several models for information access control that differ in how they define and enforce their policies [Gol06], [Sum97]. The most common are:

An Access ...
