access control [English]
Other Languages
- control de acceso (Spanish)
- controle de acesso (Portuguese)
Syndetic Relationships
- RT: access; permission
- BT: control architecture
InterPARES Definition
n. ~ Computing · High-level policies and mechanisms designed to secure a system by authorizing users to find, retrieve, use, or store information or other resources to which they need access.
General Notes
In the context of computing, other resources may include things like applications and devices.
Other Definitions
- CNSS-4009 (†730 p. 1): The process of granting or denying specific requests: 1) for obtaining and using information and related information processing services; and 2) to enter specific physical facilities (e.g., Federal buildings, military establishments, and border crossing entrances).
- CNSS-4009 (†730 p. 2): access control mechanism ~ Security safeguards (i.e., hardware and software features, physical controls, operating procedures, management procedures, and various combinations of these) designed to detect and deny unauthorized access and permit authorized access to an information system.
Citations
- CNSS-4009 (†730 p. 2): Security commensurate with the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information. ¶ Note: This includes assuring that information systems operate effectively and provide appropriate confidentiality, integrity, and availability, through the use of cost-effective management, personnel, operational, and technical controls. (†1676)
- Cohen 2008 (†652 p. 22): The access control model deals with how properties are associated with people and things to make determinations about what people and things are allowed to do with respect to other people and things. (†1511)
- Hu, et al. 2006 (†728 p. iv): Nearly all applications that deal with financial, privacy, safety, or defense include some form of access control. Access control is concerned with determining the allowed activities of legitimate users, mediating every attempt by a user to access a resource in the system. In some systems, complete access is granted after successful authentication of the user, but most systems require more sophisticated and complex control. In addition to the authentication mechanism (such as a password), access control is concerned with how authorizations are structured. (†1666)
- Hu, et al. 2006 (†728 p. iv): A state of access control is said to be safe if no permission can be leaked to an unauthorized or uninvited principal. To assure the safety of an access control system, it is essential to make certain that the access control configuration (e.g., access control model) will not result in the leakage of permissions to an unauthorized principal. Even though the general safety computation is proven undecidable [HRU76], practical mechanisms exist for achieving the safety requirement, such as safety constraints built into the mechanism. (†1668)
- Hu, et al. 2006 (†728 p. iv): Access control policies are high level requirements that specify how access is managed and who may access information under what circumstances. . . . At a high level, access control policies are enforced through a mechanism that translates a user’s access request, often in terms of a structure that a system provides. . . . Access control models bridge the gap in abstraction between policy and mechanism. (†1667)
- Hu, et al. 2006 (†728 p. 3): The objectives of an access control system are often described in terms of protecting system resources against inappropriate or undesired user access. From a business perspective, this objective could just as well be described in terms of the optimal sharing of information. After all, the main objective of IT is to make information available to users and applications. A greater degree of sharing may get in the way of resource protection; in reality, a well-managed and effective access control system actually facilitates sharing. A sufficiently fine-grained access control mechanism can enable selective sharing of information where in its absence, sharing may be considered too risky altogether [FKC03]. (†1669)
- Hu, et al. 2006 (†728 p. 43): Procedures and controls that limit or detect access to critical information resources. This can be accomplished through software, biometrics devices, or physical access to a controlled space. (†1660)
- ISACA Glossary (†743 s.v. access control): The processes, rules and deployment mechanisms that control access to information systems, resources and physical access to premises. (†1756)
- Microsoft 2015 (†662 s.v. "access control"): Access control refers to security features that control who can access resources in the operating system. Applications call access control functions to set who can access specific resources or control access to resources provided by the application. (†1512)