Fri Apr 8 06:51:39 PDT 2016

Control Architecture: Access Controls: What access control model is used?


Option 1: Use clearances, classifications, and compartments.
Option 2: Use roles and rules.
Option 3: Use owner authorized.
Option 4: Use a subject object model.
Option 5: Use a possession-based model
Option 6: Pick the best fit of these or create a different enterprise model.


IF A regulatory mandate requires it, or working largely for an organization that uses it, THEN Use clearances, classifications, and compartments.
OTHERWISE IF A model is already in use and changing it would be too expensive or difficult THEN Use the current model.
OTHERWISE IF Workers change tasking often, have many areas of responsibility at a time, and many workers do the same tasks, THEN Use roles and rules,
OTHERWISE IF Content and systems have ownership assigned and delegate work based on their ownership, THEN Use owner authorized,
OTHERWISE IF Well defined individuals or mechanisms have rights or privileges with respect to well defined content, THEN Use a subject object model,
OTHERWISE IF Anyone should be allowed to do anything if they can "afford" it or have been "given" access by someone possessing access THEN Use a possession-based model,
OTHERWISE Pick the best fit of these or create a different enterprise model.


Use clearances, classifications, and compartments:

Clearances are defined by the level of trust of individuals based on background investigations, history, and other factors as defined. Clearances are defined for content based on magnitude of consequences associated with the misuse of the content. Compartments are based on the groupings of content necessary to perform kinds of work. Access is granted based on holding a clearance high enough for the classification of the content, working in an area associated with the content, and having a reasonable need to know the content in order to perform an authorized task. Separation of duties and risk aggregation limit the compartments permitted and, in more advanced cases, the set of compartments allowable to individuals over time.

Clearances, classifications, and compartments access control model

Use roles and rules:

People are assigned roles based on what their job assignments are and access is granted based on a set of management defined rules about what different roles access under what conditions in order to perform their roles. Separation of duties and risk aggregation limit the simultaneous roles permitted and, in more advanced cases, the sequences of roles allowable to individuals and groups over time. Rules also change over time and must be analyzed for separation of duties and risk aggregations.

TellerRead balances, Deposit into accounts, Cash checks under $500, ...
CustomerView own balance, Deposit from own account, withdraw from own account, ...
Branch ManagerApprove transactions from $500 to $500,000, Assign working hours to branch employees, ...
ProgrammerEither change program sources or review changes to other programs, ...
AuditorView transactions on individual accounts, View corporate accounts, ...
JoeTeller, Customer
Roles and rules access control model

Use owner authorized:

Content and systems are "owned" on a fiduciary or actual basis by individuals who make individual determinations about what individuals or groups may access what content under what conditions.

Use a subject object model:

Subjects (people and automated mechanisms) are granted Rights (things that they can do) to Objects (content, containers, and mechanisms) based on management decisions. Risk aggregation, if done, is done by analysis of granting of rights over time.

S\O Payments Invoices Shipping Manufacturing ...
Joe rw . d . ...
Mary w . . d ...
Alice . r r w ...
... . . x . ...
Subject-object access control model

Use a possession-based model:

Access devices of various sorts (e.g., keys, certificates, tickets, tokens, money, etc.) are possessed by individuals or mechanisms, and access is granted based on possession and possible surrender of those devices.

Possession-based access control model

Pick the best fit of these or create a different enterprise model:

It is almost always better to pick one of the above defined mechanisms since they are already realized in implementations of various sorts, however; many of the mechanisms can be repurposed for other uses, and mechanisms available should not limit the manner in which access is modeled.

Copyright(c) Fred Cohen, 1988-2015 - All Rights Reserved