Title :
Access control: principle and practice
Author :
Sandhu, Ravi S. ; Samarati, Pierangela
Author_Institution :
Dept. of Inf. & Software Syst. Eng., George Mason Univ., Fairfax, VA, USA
Abstract :
Access control constrains what a user can do directly, as well as what programs executing on behalf of the users are allowed to do. In this way access control seeks to prevent activity that could lead to a breach of security. This article explains access control and its relationship to other security services such as authentication, auditing, and administration. It then reviews the access matrix model and describes different approaches to implementing the access matrix in practical systems, and follows with a discussion of access control policies commonly found in current systems, and a brief consideration of access control administration.<>
Keywords :
computer networks; message authentication; access control; access control administration; access matrix model; administration; auditing; authentication; security services; Access control; Authentication; Authorization; Computer security; Computerized monitoring; Control systems; Data security; Databases; Information security; Software performance;
Journal_Title :
Communications Magazine, IEEE
