Chapter 3

Authorization and Access Control

In this chapter we discuss the use of authorization and access control. Authorization is the next step in the process that we work through in order to allow entities access to resources. We cover the various access control models that we use when putting together systems such as discretionary access control, mandatory access control, and role-based access control. We also talk about multilevel access control models, including Bell–LaPadula, Biba, Clark–Wilson, and Brewer and Nash. In addition to the commonly discussed concept of logical access control, we also go over some of the specialized applications that we might see when looking specifically at physical access control.


Access control; attribute-based ...

Get The Basics of Information Security, 2nd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.