Identify what implementation method(s) can be used to incorporate multilayer access control
Describe how each method benefits multilayered access control
Access control models are generally concerned with whether subjects (any entity that can manipulate information) can access objects (entities through which information flows through the actions of a subject), and how this access can occur. Access control models are usually seen as frameworks for implementing and ensuring the integrity of security policies that mandate how information can be accessed and shared on a system.
RBAC is considered a much more generalized model than either MAC or DAC, encompassing both models as special cases while providing a policy-neutral framework that allows RBAC to be customized on a per-application basis. Loosely defined as any access control model that enforces security policies independent of user operations, Mandatory Access Control is usually associated with the 1973 Bell-LaPadula Model of multi-level security. Transaction-based rights help ensure system integrity and availability by explicitly controlling not only which resources can be accessed but also how access can occur. In large organizations, the consolidation of access control for many users into a single role entry allows for much easier management of the overall system and much more effective verification of security policies.
[Figure: Example of RBAC role relationships]
Through its implementation of Bell-LaPadula in Multi-Layer Secure (MLS) systems, MAC is the main access control model used by the military and intelligence agencies to maintain classification policy access restrictions. The combination of Bell-LaPadula and trusted component assurance also has the nice benefit of making MLS systems immune to Trojan Horse attacks. In perfect implementations, MLS systems implementing Bell-LaPadula MAC are not susceptible to Trojan Horse forced security violations because users do not have the ability to declassify information.
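The Trojan Horse argument above rests on Bell-LaPadula's two rules, no read up and no write down. The sketch below is an added example, not code from the original page; the labels, category names and the `trojan_copy` helper are constructed for illustration, and the category sets generalize plain classification levels to the usual lattice form.

```python
from dataclasses import dataclass

# Constructed classification ordering for this example.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}

@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """True when this label is at least as high and covers other's categories."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

def can_read(subject: Label, obj: Label) -> bool:
    # Simple security property: no read up.
    return subject.dominates(obj)

def can_write(subject: Label, obj: Label) -> bool:
    # *-property: no write down.
    return obj.dominates(subject)

def trojan_copy(process: Label, source: Label, sink: Label) -> str:
    """Model a program that reads `source` and tries to copy it into `sink`.

    The process carries the label of the user who ran it, so the monitor
    judges the copy by that label, not by the user's intent."""
    if not can_read(process, source):
        return "denied: read up"
    if not can_write(process, sink):
        return "denied: write down"
    return "allowed"

# Constructed labels for the demonstration.
analyst = Label("SECRET", frozenset({"NUCLEAR"}))
report = Label("SECRET", frozenset({"NUCLEAR"}))
public_drop = Label("UNCLASSIFIED")
archive = Label("TOP_SECRET", frozenset({"NUCLEAR", "CRYPTO"}))

if __name__ == "__main__":
    print("copy report -> public_drop:", trojan_copy(analyst, report, public_drop))
    print("copy report -> archive:    ", trojan_copy(analyst, report, archive))
    print("read archive as analyst:   ", can_read(analyst, archive))
```

The copy to the unclassified sink is refused even though the process legitimately read the report, because the decision depends on labels and the user has no operation that lowers one.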
The principle of type enforcement is that more flexible policy expressions are possible when objects are assigned to types, so that the columns in the access control matrix are replaced by types. The DTE extension to this is to assign subjects to domains and complete the matrix transformation, so that the access control matrix is now a domain definition table.
As a blend of the MAC and DAC models and integri, RBAC is partially founded on principles outlined in Biba.