My recommendation is to implement a combination of various Access Control Models to ensure comprehensive and effective security. To achieve this, I suggest utilizing Role Based Access Control (RBAC) in conjunction with the Non-Discretionary Access Control model.
RBAC involves granting access and setting permissions based on job roles or responsibilities within a group of people. This approach ensures that users with similar job roles have the appropriate permissions to access the necessary resources.
Implementing RBAC alongside the Non-Discretionary Access Control model is essential for managing access control in a network with multiple locations and diverse user base. This combination allows for proper identification and management of different users and workstations within the network.
The main emphasis should be on preventing unauthorized access to information. Non-Discretionary Access Control is a form of control that is supervised by a security administrator. Although ARAB identifies users with permissions, it is the duty of the security administrator to decide the level of access for each Role that is established. The security administrator also possesses the power to authorize certain users or workstations for accessing the network-stored information. Rule Based Access Control bears close resemblance to both ARAB and Non-Discretionary models mentioned earlier and shares similarities with ARAB.
Rule Based Access Control is a set of rules for determining user access to data. In Role Based Access Control, security can be enhanced with rules defined by the security administrator as part of the Non-Discretionary Access Control model. Constrained User Interface incorporates concepts from Role Based and Rule Based access control models. It allows users to access resources based on their rights and privileges.
These rights and privileges are restricted and constrained on the asset they are attempting to access. This necessitates multiple levels of protection but also limits the ability to request access to the organization’s resources. Another access control model applicable in this scenario is the Clark and Wilson Integrity Model, which enhances the Bibb Integrity Model. Created by David Clark and David Wilson, this model focuses on unauthorized user actions, addressing a flaw in the Bibb Integrity Model.
The Clark and Wilson integrity model addresses two flaws: the model reviews both external and internal integrity threats. This model is composed of three key elements: preventing unauthorized users from making changes within the system, preventing authorized users from making improper changes, and maintaining consistency both internally and externally. In this model, a user’s access is controlled by remissions, wherein authorized users have access to programs that allow changes.
While there is similarity among some of these models, they work synergistically to enhance access control. Having multiple models for access control in the network ensures a comprehensive coverage and mitigates the risk of relying on a single model, which may have flaws and vulnerabilities.
REFERENCES: Kim, D., & Solomon, M. G. (2012). Fundamentals of Information Systems Security. Sturdy: Jones & Bartlett Learning.