The four means of authenticating user identity are based on:

• SOMETHING THE INDIVIDUAL KNOWS - password, PIN, answers to prearranged questions
• SOMETHING THE INDIVIDUAL POSSESSES (TOKEN) - smartcard, electronic keycard, physical key
• SOMETHING THE INDIVIDUAL IS (STATIC BIOMETRIC) - fingerprint, retina, face
• SOMETHING THE INDIVIDUAL DOES (DYNAMIC BIOMETRIC) - voice pattern, handwriting, typing rhythm

Two basic techniques protect password-based authentication. One technique is to restrict access to the password file using standard access control measures. Another technique is to force users to select passwords that are difficult to guess.
* One-way function: The system stores only the value of a function computed from the user's password. When the user presents a password, the system transforms that password in the same way and compares the result with the stored value. In practice, the system usually performs a one-way (not reversible) transformation in which the password is used to generate a key for the one-way function and a fixed-length output is produced.
* Access control: Access to the password file is limited to one or a very few accounts.
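The one-way transformation described above, as an added example that is not part of these notes: only a salt and the fixed-length derived value are stored, and a login attempt is checked by re-running the transformation. PBKDF2-HMAC-SHA256 is one concrete one-way function; the iteration count, salt length and record format are choices made for this example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Parameters of the one-way transformation (assumptions chosen for this example).
ITERATIONS = 200_000   # work factor: slows down guessing if the file leaks
SALT_BYTES = 16        # per-user random salt so equal passwords store differently


def make_record(password: str, salt: Optional[bytes] = None) -> str:
    """Return the stored form of a password.

    Only the iteration count, the salt and the derived value are kept; the
    password itself never reaches the password file. Record format
    (constructed for this example): "iterations$salt_hex$hash_hex".
    """
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${derived.hex()}"


def verify(password: str, record: str) -> bool:
    """Check a presented password against a stored record.

    The same one-way transformation is applied to the presented password and
    its fixed-length output is compared with the stored value. The comparison
    is constant-time so the check does not leak how many bytes matched.
    """
    iterations_str, salt_hex, hash_hex = record.split("$")
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations_str)
    )
    return hmac.compare_digest(derived, bytes.fromhex(hash_hex))


if __name__ == "__main__":
    rec = make_record("correct horse battery staple")   # constructed sample password
    print("stored record:", rec)
    print("right password accepted:", verify("correct horse battery staple", rec))
    print("wrong password rejected :", not verify("wrong password", rec))
```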
Role-based access control (RBAC) is an access policy determined by the system, not the owner. RBAC is used in commercial applications and also in military systems, where multi-level security requirements may also exist. RBAC differs from DAC in that DAC allows users to control access to their resources, while in RBAC, access is controlled at the system level, outside of the user's control. Although RBAC is non-discretionary, it can be distinguished from MAC primarily in the way permissions are handled. MAC controls read and write permissions based on a user's clearance level and additional labels. RBAC controls collections of permissions that may include complex operations such as an e-commerce transaction, or may be as simple as read or write. A role in RBAC can be viewed as a set of permissions. Three primary rules are defined for RBAC: