--- tags: 47-SSA --- # 2: Access Control Models ###### Ehsan ## AAA ### Authentication to identify who, the person ### Authorization to give permission ### Auditing accounting ### Reference Model --- Requirement -> Basic Acc. Model -> Adv. Acc. Model GFE, google ## Access Control Model ### Access Control Matrix Access Control List -> Linked List, File1->A->B->... Capability List -> linked list as well, UsrA->File1->... both inefficient ```shell= alice@Ubuntu-Nebula:/home/bob$ ls -l total 44 drwxr-xr-x 2 bob bob 4096 Feb 16 16:22 Desktop -rw-rw--w- 1 bob bob 22 Feb 17 17:47 FileA.txt drwxr-xr-x 2 bob bob 4096 Feb 16 16:22 Music ... ``` d: directory [Owner/user][group][others] ### Access Control Lists ### Capability Lists ### Discrete Access Control vs. Mandatory Access Control ### RBAC rbac is considered as DAC, but it can be implemented as MAC.