Access control systems: Subject vs Objects

by | Dec 8, 2022 | Security | 2 comments

Access control systems can treat any of the following as subjects:
• Users
• Computers
• Applications
• Networks

Access control systems can treat any of the following as objects:
• Data (stored in files, folders, and shares)
• Hardware (such as desktop computers, servers, and printers)
• Applications (such as a web server application)
• Networks (such as an Internet connection or an internal connection)
• Facilities (controlled with physical security)

Remember: Depending on the scenario; everything listed here could be either a subject or an Object; but DATA is always an Object

2 Comments

  1. Tayeeba Tarannum
    Tayeeba Tarannum on December 8, 2022 at 11:36 pm

    Please post similar concise yet informative articles more often. Easy to read and comprehend for non-IT individuals.

    Reply
    • reashad hossain
      reashad hossain on December 12, 2022 at 6:32 pm

      Thanks Tayeeba. I will. Stay tuned. 🙂

      Reply

Trackbacks/Pingbacks

  1. Security kernel vs reference monitor | Reashad Hossain - […] A reference monitor is a system component that enforces access controls on an object […]
  2. Discretionary Access Control | Reashad Hossain - […] It is an identity-based (or subject-based) model and allows data owners to assign permissions to subjects at the most…

Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.