In the world of computing, security plays a crucial role in safeguarding resources. Over the past decade, various security models have been created to ensure the confidentiality, integrity, and availability of information. They present methods that organizations can adopt to establish formal policies for information security. These policies aim to provide a structured approach for deploying security measures and practices to safeguard sensitive information and prevent security breaches. Having knowledge about different security models, their features, and their suitability for specific situations is crucial. It enables one to make informed decisions on selecting the appropriate security model that can effectively address security concerns and protect computational resources.
Access Control Models
One of the most utilized models, Access Control, is designed to assist in the creation of policies related to system/user-level access for diverse resources such as files, databases, and networks. The rule of thumb is to only provide access to the entity that they need to perform their duties. This model encompasses three main types of controls; Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role-based Access Control (RBAC). With DAC, a resource owner has the capability to decide ‘who can access what?’. For example, the owner of a file decides who they want to grant access to and in what capacity (editing or viewing rights). Due to its versatility and ease of use, the DAC model is commonly adopted by smaller organizations.