8. Authorization

  1. Mark Stamp

Published Online: 28 OCT 2005

DOI: 10.1002/0471744190.ch8

Information Security: Principles and Practice

How to Cite

Stamp, M. (2005) Authorization, in Information Security: Principles and Practice, John Wiley & Sons, Inc., Hoboken, NJ, USA. doi: 10.1002/0471744190.ch8

Author Information

  1. San Jose State University, USA

Publication History

  1. Published Online: 28 OCT 2005
  2. Published Print: 9 SEP 2005

ISBN Information

Print ISBN: 9780471738480

Online ISBN: 9780471744191

Keywords

  • authorization;
  • access control lists (ACL);
  • capabilities;
  • confused deputy;
  • multilevel security (MLS);
  • multilateral security;
  • compartments;
  • covert channel;
  • inference control;
  • Bell-LaPadula (BLP);
  • Biba's Model;
  • firewall;
  • intrusion detection system (IDS)

Abstract

Authorization deals with the restrictions placed on authenticated users. In this chapter we cover the basics of traditional authorization, including access control lists (ACLs) and capabilities. We illustrate the subtle differences between ACLs and capabilities using the classic “confused deputy” problem. We then present some of the security issues related to multilevel and multilateral security, and we briefly touch on the related topics of covert channels and inference control. Multilevel security naturally leads us into the world of security modeling, where we briefly discuss two of the simplest such models, Bell-LaPadula and Biba's Model. After covering the basics of security modeling, we consider non-traditional access control topics, including CAPTCHAs and firewalls. We conclude the chapter by stretching the definition of access control to cover intrusion detection systems (IDS).
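The two security models named in the abstract are easy to state but easy to get wrong once compartments (the multilateral part) are added, because labels then form a lattice rather than a simple ladder. The following is an added example, not code from the chapter or the book: it encodes a label as a level rank plus a compartment set, implements the Bell-LaPadula rules (no read up, no write down) and the Biba strict integrity rules (no read down, no write up), and runs one constructed subject against a handful of constructed objects. The level names, compartment names, and the subject and object labels are assumptions chosen for illustration.

```python
"""Bell-LaPadula and Biba access checks over a (level, compartments) lattice.

Added example, not code from the chapter. Level names, compartment names
and the sample subject/objects below are constructed for illustration.
"""
from dataclasses import dataclass

# Totally ordered levels; only the numeric rank matters to the models.
CONFIDENTIALITY = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}
INTEGRITY = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}


@dataclass(frozen=True)
class Label:
    """A security label: a level rank plus a set of compartments (need-to-know)."""
    rank: int
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Lattice order: level at least as high AND a superset of compartments.
        # Two labels can be incomparable; that is what multilateral
        # (compartment-based) security relies on.
        return self.rank >= other.rank and self.compartments >= other.compartments


def label(scale: dict, level: str, *compartments: str) -> Label:
    return Label(scale[level], frozenset(compartments))


def blp_allows(subject: Label, obj: Label, op: str) -> bool:
    """Bell-LaPadula (confidentiality): no read up, no write down."""
    if op == "read":   # simple security condition
        return subject.dominates(obj)
    if op == "write":  # *-property
        return obj.dominates(subject)
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject: Label, obj: Label, op: str) -> bool:
    """Biba strict integrity: no read down, no write up (the dual of BLP)."""
    if op == "read":
        return obj.dominates(subject)
    if op == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown operation {op!r}")


@dataclass(frozen=True)
class Entity:
    name: str
    conf: Label   # confidentiality label, checked by BLP
    integ: Label  # integrity label, checked by Biba


def allowed(subject: Entity, obj: Entity, op: str) -> bool:
    """A system enforcing both models grants only what both permit."""
    return blp_allows(subject.conf, obj.conf, op) and biba_allows(subject.integ, obj.integ, op)


# Constructed sample: an analyst cleared SECRET with the CRYPTO compartment,
# at MEDIUM integrity, and five objects with assorted labels.
ALICE = Entity("alice", label(CONFIDENTIALITY, "SECRET", "CRYPTO"), label(INTEGRITY, "MEDIUM"))
OBJECTS = {
    "ts_memo":       Entity("ts_memo", label(CONFIDENTIALITY, "TOP SECRET"), label(INTEGRITY, "HIGH")),
    "ts_crypto_log": Entity("ts_crypto_log", label(CONFIDENTIALITY, "TOP SECRET", "CRYPTO"), label(INTEGRITY, "MEDIUM")),
    "nuclear_plan":  Entity("nuclear_plan", label(CONFIDENTIALITY, "CONFIDENTIAL", "NUCLEAR"), label(INTEGRITY, "MEDIUM")),
    "crypto_notes":  Entity("crypto_notes", label(CONFIDENTIALITY, "CONFIDENTIAL", "CRYPTO"), label(INTEGRITY, "LOW")),
    "public_notice": Entity("public_notice", label(CONFIDENTIALITY, "UNCLASSIFIED"), label(INTEGRITY, "HIGH")),
}


def decision_table(subject: Entity = ALICE) -> dict:
    """Map (object name, op) -> (blp_ok, biba_ok, overall) for every sample object."""
    table = {}
    for name, obj in OBJECTS.items():
        for op in ("read", "write"):
            b = blp_allows(subject.conf, obj.conf, op)
            i = biba_allows(subject.integ, obj.integ, op)
            table[(name, op)] = (b, i, b and i)
    return table


if __name__ == "__main__":
    for (name, op), (b, i, ok) in decision_table().items():
        print(f"{op:5} {name:14} BLP={b!s:5} Biba={i!s:5} -> {'ALLOW' if ok else 'DENY'}")
```

Two rows of the table are worth reading closely. The write to ts_crypto_log is a "blind write": BLP permits writing up, so the subject may append to an object it is not allowed to read. The write to ts_memo is denied even though the level is higher, because the object lacks the CRYPTO compartment and the lattice order, not the level alone, decides dominance. Once Biba is enforced alongside BLP, the only objects Alice can both read and write are those carrying exactly her labels, which is the practical reason strict Biba is rarely deployed as-is.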