Abstract

This chapter discusses the use of authorization and access control. Authorization allows one to specify where a party should be allowed or denied access, and access control enables one to manage this access at a very granular level. Authorization is implemented through the use of access controls, more specifically through the use of access control lists and capabilities, although the latter are often not completely implemented in most of the common operating systems in use today. The chapter covers the various access control models that are used when putting together such systems, such as discretionary access control, mandatory access control, and role-based access control. The simpler access control models, such as discretionary access control, mandatory access control, role-based access control, and attribute-based access control, are often seen in daily life. In environments that handle more sensitive data, such as those involved in the government, military, medical, or legal industry, the use of multi-level access control models, including Bell-LaPadula, Biba, Clark-Wilson, and Brewer and Nash, may be seen. In addition to the commonly discussed concept of logical access control, the chapter also deals with some of the specialized applications that one might see when looking specifically at physical access control.
