Identification, Authentication and Authorization

Applied Cryptography Robust Software Quantum Safety Machine Learning Applied to Security Analysis and Exploration of Vulnerabilities Computer Systems Forensic Analysis Reverse Engineering Identification, Authentication and Authorization Secure Execution Environments Direito da Organização e da Segurança

Identification, Authentication and Authorization
Access Control Models
OAuth 2.0 Authorization Framework
Linux Security Mechanisms
Authentication Protocols
PAM (Pluggable Authentication Modules)
FIDO and FIDO2 framework
Authentication with Trusted Third Parties / KDCs
Identity Management
Anonymity and Privacy

Powered by GitBook

On this page

Physical access
Informatic or electronic access
Definition
Normal requirements
Subjects and objects

Access types

PreviousIdentification, Authentication and Authorization NextLeast privilege principle

Last updated 6 months ago

Physical access

Physical contact between a subject and object of interest.
- Facility, room, network, computer, storage device, authentication token, etc.

Informatic or electronic access

Information-oriented contact between a subject and the object of interest.
- Contact through request-response dialogs.
Contact is mediated by:
- Computers and networks.
- Operating systems, applications, middleware, devices, etc.

Definition

The policies and mechanisms mediate a subject's access to an object.

Normal requirements

Authentication
- With some Level of Assurance (LoA)
Authorization
Accountability -> Logging

Subjects and objects

Both are digital entities.
A subject can be something exhibiting activity:
- Processes,
- Computers,
- Networks.
Objects can be the target of an action:
- Stored data,
- CPU time,
- Memory,
- Processes,
- Computers,
- Network.

An entity can be both a subject and an object.