
Access Control in Computer Systems: Authentication Factors and Principles, Lecture notes of Applications of Computer Sciences

This document delves into the crucial role of access control in computer-based information systems, emphasizing the importance of authentication factors for secure access. It outlines key security goals and principles, including integrity, confidentiality, non-repudiation, authenticity, and availability. It covers different authentication methods, including knowledge-based, possession-based, and biometric approaches. It also discusses the concept of role-based access control (RBAC) and its significance in managing user permissions within organizations.

Typology: Lecture notes

2023/2024

Uploaded on 11/09/2024

maham-ansar

Role of access control in computer-based
information systems, and identify and
discuss widely used authentication factors
Junaid Muzaffar

Security Goals and Principles

●Goals:

  • integrity - modification only by authorized parties
  • confidentiality - access only by authorized parties
  • non-repudiation - you cannot deny or escape being recognized as the author of something
  • authenticity - verifiability of source
  • availability - continuous access by authorized parties

We are concerned with authorisation for service use and/or object access.

How is access control policy expressed and enforced?

Authorisation and authentication

Authorisation is built above authentication (proof of identity – proof that you are who you say you are – will someone/something vouch for you?). Within an administration domain, principals are named and registered as individuals and members of groups. Principals authenticate in their home domain by means of e.g. passwords.

The aim is to avoid having to have a username/password for every service. (How does one remember them all? Use the same one for all? No: break one, break all.) A Single Sign On service is needed.

Authentication is covered in Security courses. For background reading, slides 29-36 outline some single sign-on systems for cross-domain service use: Raven, Shibboleth, OpenID.

Identification and Authentication

● Identification: unproven assertion of identity

○ “My name is…”
○ Userid

● Authentication: proven assertion of identity

○ Userid and password
○ User id and PIN
○ Biometric

Role-Based Access Control (RBAC)

● Roles model particular jobs or duties in an organization

● A single user may play multiple roles at the same or different times

● Multiple users may play the same role at the same or different times

● The user-role assignment may be made separately from the role-permission assignment
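
The separation of user-role assignment from role-permission assignment described in the RBAC list above, as an added Python example that is not part of the original lecture notes. The user, role and permission names are constructed for illustration, and the session step (activating a subset of assigned roles) is one assumed way to model a user playing roles at different times.

```python
from dataclasses import dataclass, field


@dataclass
class RBAC:
    # Two independent relations: user -> roles and role -> permissions.
    user_roles: dict = field(default_factory=dict)
    role_perms: dict = field(default_factory=dict)

    def assign_role(self, user, role):
        self.user_roles.setdefault(user, set()).add(role)

    def grant(self, role, permission):
        self.role_perms.setdefault(role, set()).add(permission)

    def revoke(self, role, permission):
        self.role_perms.get(role, set()).discard(permission)

    def open_session(self, user, requested_roles):
        # A user may activate only roles they have been assigned;
        # activating a subset models playing roles at different times.
        requested = set(requested_roles)
        unassigned = requested - self.user_roles.get(user, set())
        if unassigned:
            raise PermissionError(f"{user} is not assigned: {sorted(unassigned)}")
        return frozenset(requested)

    def check(self, session_roles, permission):
        # Default deny: allowed only if some active role carries the permission.
        return any(permission in self.role_perms.get(r, set()) for r in session_roles)


def build_demo():
    rbac = RBAC()
    # Constructed sample data: role-permission assignment.
    rbac.grant("doctor", "record:read")
    rbac.grant("doctor", "record:write")
    rbac.grant("auditor", "record:read")
    rbac.grant("auditor", "log:read")
    # Constructed sample data: user-role assignment, made separately.
    rbac.assign_role("alice", "doctor")
    rbac.assign_role("alice", "auditor")   # one user, multiple roles
    rbac.assign_role("bob", "doctor")      # multiple users, same role
    return rbac


if __name__ == "__main__":
    demo = build_demo()
    print(demo.check(demo.open_session("alice", ["auditor"]), "record:write"))
```

Revoking a permission from a role changes what every holder of that role can do without touching the user-role table, which is the administrative benefit of keeping the two assignments separate.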