Synonyms
Definition
Access control is a security function that protects shared resources against unauthorized accesses. The distinction between authorized and unauthorized accesses is made according to an access control policy.
Theory
Access control is employed to enforce security requirements such as confidentiality and integrity of data resources (e.g., files, database tables), to prevent unauthorized use of resources (e.g., programs, processor time, expensive devices), or to prevent denial of service to legitimate users. Practical examples of security violations that can be prevented by enforcing access control policies are: a journalist reading a politician’s medical record (confidentiality), a criminal performing fake bank account bookings (integrity), a student printing...
© 2011 Springer Science+Business Media, LLC
Cite this entry
Brose, G. (2011). Access Control. In: van Tilborg, H.C.A., Jajodia, S. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-5906-5_179
DOI: https://doi.org/10.1007/978-1-4419-5906-5_179
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-5905-8
Online ISBN: 978-1-4419-5906-5
eBook Packages: Computer Science; Reference Module Computer Science and Engineering