
Discuss implementation of access control ABAC and MAC.

RBAC Implementation:

Windows Environment:

  • Utilize Windows Active Directory for user and role management.
  • Assign users to specific roles like “accountants” or “developers” based on their job responsibilities.
  • Each role is granted specific permissions to access files or resources.
  • Example: Create a role “accountants” with read access to financial files.

Linux Environment:

  • Leverage Linux user groups for RBAC.
  • Assign users to groups according to their work roles.
  • Set file permissions for each group to control access.
  • Example: Create a group “developers” and provide them write access to code repositories.

Differentiation from Groups:

  • In RBAC, users can belong to multiple groups but are assigned to a single role.
  • This ensures a clear, singular assignment of permissions based on the user’s primary role.
  • Example: A user is in both the “developers” group and the “accountants” group but is assigned the “developers” role for access control.

MAC Implementation:

Windows Vista through Windows 8:

  • MAC is implemented using Mandatory Integrity Control (MIC).
  • Objects (files, processes) are assigned Integrity Levels (IL) representing trust levels – low, medium, high, and system.

Assigning Integrity Levels:

  • Each user is assigned an IL that is carried in their access token.
  • Access to an object is allowed only if the IL in the user’s token is equal to or higher than the object’s IL.
  • Example: A user with a “medium” IL can read and write objects labelled “medium” or “low” but not objects labelled “high.”

Combining with DAC:

  • Windows DAC (Discretionary Access Control), the ACLs attached to objects, is used alongside MIC.
  • The system checks the IL first and only then evaluates the ACL, so both checks must pass for access to be granted.
  • Example: Even if a user has the right ACL permissions, they cannot modify a file that carries a higher IL than their token.
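The two-stage decision described above (IL comparison first, ACL second), modelled in Python as an added example that is not part of the original notes. The object names, users and ACL entries are constructed for illustration, and the IL rule is the simplified one the notes state; real Windows MIC applies its default policy only to write access (no-write-up).

```python
# Added example: a small model of the Windows access decision the notes describe,
# checking Mandatory Integrity Control (MIC) first and the discretionary ACL second.
# All names and the sample policy below are constructed for illustration.
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

# Integrity levels ordered from least to most trusted, as listed in the notes.
IL_ORDER = {"low": 0, "medium": 1, "high": 2, "system": 3}


@dataclass
class Token:
    user: str
    integrity: str  # the IL carried in the subject's access token


@dataclass
class SecurableObject:
    name: str
    integrity: str  # the IL label on the object
    acl: Dict[str, Set[str]] = field(default_factory=dict)  # user -> granted rights


def mic_allows(token: Token, obj: SecurableObject) -> bool:
    """MIC rule as the notes state it: the subject's IL must be equal to or
    higher than the object's IL. (Default Windows policy only enforces this
    for writes; the simplified rule here applies it to every right.)"""
    return IL_ORDER[token.integrity] >= IL_ORDER[obj.integrity]


def dac_allows(token: Token, obj: SecurableObject, right: str) -> bool:
    """Discretionary check: the ACL must explicitly grant the right to the user."""
    return right in obj.acl.get(token.user, set())


def access_check(token: Token, obj: SecurableObject, right: str) -> Tuple[bool, str]:
    """Decision order from the notes: IL comparison first, ACL second.
    Returns (granted, reason) so a caller can log why access was denied."""
    if not mic_allows(token, obj):
        return False, f"MIC: {token.integrity} < {obj.integrity} on {obj.name}"
    if not dac_allows(token, obj, right):
        return False, f"DAC: ACL on {obj.name} does not grant {right}"
    return True, "granted"


# Constructed sample: alice holds a medium-IL token and full ACL rights on both
# objects, but the second object is labelled high, so the ACL never gets consulted.
alice = Token("alice", "medium")
report = SecurableObject("report.xlsx", "medium", {"alice": {"read", "write"}})
hosts = SecurableObject("hosts", "high", {"alice": {"read", "write"}})

if __name__ == "__main__":
    for obj in (report, hosts):
        for right in ("read", "write"):
            print(obj.name, right, access_check(alice, obj, right))
```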
