Chapter 4: Access Control - Missouri S&T 4: Access Control ... Auditing Figure 4.1 Relationship...

Introduction

Policies

Requirements

Elements

DiscretionaryAccessControl (DAC)

The Basics

UNIX

File access

User IDs

ACL

Role-basedAccess Control(RBAC)

The Basics

Variations

Role Hierarchy& Constraints

Case Study:Bank

Attribute-based AccessControl(ABAC)

The Basics

Architecture

Comparisons

Policies

Chapter 4: Access Control

Comp Sci 3600 Security

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Talk tomorrow

• Title: Would you like to be a NSA agent?

• Abstract: Inside our walls, you will find the most extraordinary peopledoing most extraordinary things for an extraordinary cause: the safety andsecurity of the United States of America. NSA are looking to hire over2000 people during the next fiscal year from Oct. 17 to Sep. 18. Themajority will be from Computer Science. It is also the right time of year toapply for Co-op and Internships positions at NSA.

• When: Tuesday Sept 12, 5:30pm-6:30pm

• Where: CS207

• Bio: Jonathan Rolf (Cybersecurity and Analytics, Industry and AcademicEngagement, National Security Agency). Mr. Rolf supports industryoutreach and development of secure technologies through partnership withindustry. Mr. Rolf previously managed the Trusted Computing Portfolio inthe Commercial Solutions Center at NSA. He was responsible forestablishing the High Assurance Platform program and managing thecommercial deployment of the NetTop virtualized desktop solution.Previous to that Mr. Rolf had managed multiple STU-III based secure voiceprograms to include Iridium and the first handheld cellular STU-III. Mr. Rolfholds a MBA and Master of Science Degree in Electrical Engineering fromthe University of Maryland-College Park and Bachelor of Science Degrees inElectrical and Computer Engineering from the University of Missouri.

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Outline

1 IntroductionPoliciesRequirementsElements

2 Discretionary Access Control (DAC)The Basics

3 UNIXFile accessUser IDsACL

4 Role-based Access Control (RBAC)The BasicsVariationsRole Hierarchy & ConstraintsCase Study: Bank

5 Attribute-based Access Control (ABAC)The BasicsArchitectureComparisonsPolicies

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Access control

• The prevention of unauthorized use of a resource,including the prevention of use of a resource in anunauthorized manner

• Central element of computer security

• Assume we have users and groups authenticate to asystem and assign them access rights to certain resourceson system

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Access control principles

Authenticationfunction

Authentication

Auditing

Figure 4.1 Relationship Among Access Control and Other Security Functions

System resources

Authorizationdatabase

Security administrator

User

Access control

Accesscontrol

function

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Outline






Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Access control policies

• Discretionary access control (DAC): based on theidentity of the requestor and access rules

• Mandatory access control (MAC): based on comparingsecurity labels with security clearances (mandatory: onewith access to a resource cannot pass to others)

• Role-based access control (RBAC): based on user roles

• Attribute-based access control: based on the attributesof the user, the resources and the current environment

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Outline






Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Access Control Requirements

• Reliable input: a mechanism to authenticate

• Fine and coarse specifications: regulate access atvarying levels (e.g., an attribute or entire DB)

• Least privilege: min authorization to do its work

• Separation of duty: divide steps among differentindividuals

• Open and closed policies: accesses specificallyauthorized or all accesses except those prohibited

• Administrative policies: who can add, delete, modifyrules

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Outline






Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Access Control Elements

Subject: entity that can access objects

• a process representing user/application

• often have 3 classes: owner, group, world

Object: access controlled resource

• e.g. files, directories, records, programs etc

• number/type depend on environment

Access right: way in which subject accesses an object

• e.g. read, write, execute, delete, create, search

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Outline






Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Outline






Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Discretionary Access Control

• Often provided using an access matrix

• lists subjects in one dimension (rows)

• lists objects in the other dimension (columns)

• each entry specifies access rights of the specified subjectto that object

• Access matrix is often sparse

• Can decompose by either row or column

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Access Control Structures

• Access control matrix

• Access control lists (decomposed by column)

• Capability tickets (decomposed by row)

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Access matrix and data structure

OwnReadWrite

ReadWrite

OwnReadWrite

OwnRW

AFile 1

•

Read

Read

Write Read

OwnReadWrite

OwnReadWrite

User A

User BSUBJECTS

OBJECTS

User C

File 2File 1

(a) Access matrix

Figure 4.2 Example of Access Control Structures

(b) Access control lists for files of part (a)

(c) Capability lists for files of part (a)

File 3 File 4

R

B

•

RW

C

File 1User C

•

R

File 2

•

RW

File 4

File 1User B

•

R W

File 2

• •

File 3 File 4Own

RW

BFile 2

•

R

C

OwnRW

OwnRW

OwnRW

OwnRW

File 1User A

•

File 3

OwnRW

AFile 3

•

W

B

OwnRW

B

R

File 4

•

C

R

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Alternate authorization table

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Access control model

control wakeup seek

owner

ownerwakeupreadowner

ownercontrol

execute

write stop

owner

control

control

read *

write *

* - copy flag set

seek *

S1

S2SUBJECTS

OBJECTS

subjects files processes disk drives

S3

S2S1

Figure 4.3 Extended Access Control Matrix

S3 F1 F2 P1 P2 D1 D2

Extend the universe of objects to include processes, devices,memory locations, subjects

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Access Control Function

Filesystem

Memoryaddressinghardware

Processmanager

Terminal& devicemanager

Instructiondecodinghardware

Accessmatrix

monitor

Accessmatrixwrite read

Files

Segments& pages

Processes

Terminal& devices

Instructions

delete β from Sp, Y (Sm, delete, β, Sp, Y)

(Sk, grant, α, Sn, X)grant α to Sn, X

Sm

wakeup P (Sj, wakeup, P)Sj

read F

Subjects Access control mechanisms

Figure 4.4 An Organization of the Access Control Function

Objects

(Si, read, F)Si

Sk

System intervention

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Outline






Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

UNIX File Concepts

• UNIX files administered using inodes (index nodes)

• An inode:• control structure with key info on file (attributes,

permissions, . . . )• on a disk: an inode table for all files• when a file is opened, its inode is brought to RAM

• Directories form a hierarchical tree• may contain files or other directories• are a file of names and inode numbers

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Outline






Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

UNIX File Access Control (Important)

Figure 4.5 UNIX File Access Control

(a) Traditional UNIX approach (minimal access control list)

rw- r-- ---Owner

class

Group cl

ass

Other cla

ss

user: :rw-

group::r--

other::---

(b) Extended access control list

maskedentries

rw- rw- ---Owner

class

Group cl

ass

Other cla

ss

user: :rw-

user:joe:rw-

group::r--mask::rw-

other::---

• Unique user identificationnumber (user ID)

• Member of a primary groupidentified by a group ID

• 12 protection bits• 9 specify read, write, and

execute permission for theowner of the file, members ofthe group and all other users

• 2 speficiy SetID, SetGID• 1 is the sticky bit (only owner

can remove, delete, . . . , adirectory)

• The owner ID, group ID, andprotection bits are part of thefile’s inode

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Outline






Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

UNIX File Access Control

“set user ID”(SetUID) or “set group ID”(SetGID)

• system temporarily uses rights of the file owner/group inaddition to the real user’s rights when making accesscontrol decisions

• enables privileged programs to access files/resources notgenerally accessible

Sticky bit

• on directory limits rename/move/delete to owner

Superuser (su)

• is exempt from usual access control restrictions

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Outline






Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

UNIX Access Control Lists

• Modern UNIX systems support ACLs: FreeBSD,OpenBSD, Linux, Solaris

• Can specify any number of additional users/groups andassociated rwx permissions

• When access is required• select most appropriate ACL

• owner, named users, owning/named groups, others

• Check if sufficient permissions for access

• When a process requests access to a file system object twosteps are performed:

• Step 1 selects the most appropriate ACL• Step 2 checks if the matching entry contains sufficient

permissions

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Outline






Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Outline






Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Role-Based Access Control

Role 1

Users Roles

Figure 4.6 Users, Roles, and Resources

Resources

Role 2

Role 3

• Access based onrole, not identity

• Many-to-manyrelationship betweenusers and roles

• Roles often static

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies


control wakeup seek

owner

ownerwakeupreadowner

ownercontrol

execute

write stop

owner

control

control

read *

write * seek *

R1

R2

RO

LES

OBJECTS

Rn

R2R1

Figure 4.7 Access Control Matrix Representation of RBAC

Rn

R2R1 Rn

F1 F1 P1 P2 D1 D2

U1

U2

U3

U4

U5

U6

Um

Role-users and roles-object access matrix

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Outline






Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

General RBAC, Variations

A family of RBAC with four models

1 RBAC0: min functionality

2 RBAC1: RBAC0 plus role (permission) inheritance

3 RBAC2: RBAC0 plus constraints (restrictions)

4 RBAC3: RBAC0 plus all of the above

RBAC0 entities

• User: an individual (with UID) with access to system

• Role: a named job function (tells authority level)

• Permission: equivalent to access rights

• Session: a mapping between a user and set of roles towhich a user is assigned

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies


Permissions

(a) Relationship among RBAC models

(b) RBAC models

RBAC0Base model

RBAC3Consolidated model

RBAC1Role hierarchies

RBAC2Constraints

Figure 4.8 A Family of Role-Based Access Control Models.

Users

user_sessions session_roles

(UA) UserAssignment

(PA) PermissionAssignment

(RH) RoleHierarchy

Sessions

Objects

Oper-ations

Roles

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

RBAC

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Outline






Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Example of role hierarchyDirector

Engineer 1 Engineer 2

Engineering Dept

Figure 4.9 Example of Role Hierarchy

Project Lead 1 Project Lead 2

ProductionEngineer 1

QualityEngineer 1

ProductionEngineer 2

QualityEngineer 2

• Director has most privileges

• Each role inherits all privileges from lower roles

• A role can inherit from multiple roles

• Additional privileges can be assigned to a role

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Constraints

A condition (restriction) on a role or between roles

• Mutually exclusive• role sets such that a user can be assigned to only one of

the role in the set• Any permission can be granted to only one role in the set

• Cardinality: set a maximum number (of users) wrt a role(e.g., a department chair role)

• Prerequisite role: a user can be assigned a role only if thatuser already has been assigned to some other role

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Outline






Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Case study: RBAC system for a bank

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies


Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies


Figure 4.14 Example of Access Control Administration

UserIDs

Human Resources Department Application Administration

Authorization Administration

Roles

Functions

Application

Role Application

AccessRight

PositionsAssigns

1 N M1-4

N M

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Outline






Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Attribute-based access control

• Define authorizations that express conditions on propertiesof both the resource and the subject

• Each resource has an attribute (e.g., the subject thatcreated it)

• A single rule states ownership privileges for the creators

• Strength: its flexibility and expressive power

• Considerable interest in applying the model to cloudservices

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Outline






Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Types of attributes

• Subject attributes

• Object attributes

• Environment attributes

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Subject attributes

• A subject is an active entity that causes information toflow among objects or changes the system state

• Attributes define the identity and characteristics of thesubject: Name, Organization, Job title

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Object attribute

• An object (or resource) is a passive informationsystem-related entity containing or receiving information

• Objects have attributes that can be leveraged to makeaccess control decisions: Title, Author, Date

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Environment attributes

• Describe the operational, technical, and even situationalenvironment or context in which the information accessoccurs

• Current date• Current virus/hacker activities• Network security level• Not associated with a resource or subject

• These attributes have so far been largely ignored in mostaccess control policies

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

ABAC

• Distinguishable because it controls access to objects byevaluating rules against the attributes of entities,operations, and the environment relevant to a request

• Systems are capable of enforcing DAC, RBAC, and MACconcepts

• Relies upon the evaluation of attributes of the subject,attributes of the object, and a formal relationship oraccess control rule defining the allowable operations forsubject-object attribute combinations in a givenenvironment

• Allows an unlimited number of attributes to be combinedto satisfy any access control rule

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Outline






Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

ABAC Logical Architecture

Figure 4.10 Simple ABAC Scenario

1

2a

2b2c

2d

3

Access ControlPolicy

Subject Attributes ObjectAttributes

Access ControlMechanism

DecisionEnforce

EnvironmentalConditions

Affiliation

ClearanceName

Etc. Classification

OwnerType

Etc.

Rules

Subject

Object

• A subject requests accessto an object

• AC is governed by a set ofrules (2a): assesses theattr of subject (2b), object(2c) and env (2d)

• AC grants subject accessto object if authorized

Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Outline






Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

ACL vs ABAC trust relationships

ProperCredential Issuance

Credential Validation

NetworkAuthentication

Object Access Rule Enforcement

Access Provisioning

Group Management

NetworkCredential

Digital IdentityProvisioning

Strength ofCredential Protection

PhysicalAccess

Figure 4.11 ACL and ABAC Trust Relationships

(a) ACL Trust Chain

IdentityCredential

Subject ObjectAuthentication

Network Access Access Control List

Access ControlDecision

Access ControlEnforcement




AuthoritativeObject Attributes


Access Provisioning

Group Management

NetworkCredential



PhysicalAccess

(b) ABAC Trust Chain

Authoritative SubjectAttribute Stores

Attribute Provisioning

Attribute Integrity

Common SubjectAttribute Taxonomy

Common ObjectAttribute Taxonomy

Attribute Integrity

IdentityCredential

SubjectAttributes

ObjectAttributes


Network Access Rules



Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

ACL vs ABAC trust relationships





Access Provisioning

Group Management

NetworkCredential



PhysicalAccess

Figure 4.11 ACL and ABAC Trust Relationships

(a) ACL Trust Chain

IdentityCredential


Network Access Access Control List






AuthoritativeObject Attributes


Access Provisioning

Group Management

NetworkCredential



PhysicalAccess

(b) ABAC Trust Chain

Authoritative SubjectAttribute Stores

Attribute Provisioning

Attribute Integrity

Common SubjectAttribute Taxonomy

Common ObjectAttribute Taxonomy

Attribute Integrity

IdentityCredential

SubjectAttributes

ObjectAttributes


Network Access Rules



Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

Outline






Introduction

Policies

Requirements

Elements


The Basics

UNIX

File access

User IDs

ACL


The Basics

Variations


Case Study:Bank


The Basics

Architecture

Comparisons

Policies

ABAC Policies

• A policy is a set of rules and relationships that governallowable behavior within an organization, based on theprivileges of subjects and how resources or objects are tobe protected under which environment conditions

• Typically written from the perspective of the object thatneeds protecting and the privileges available to subjects

• Privileges represent the authorized behavior of a subjectand are defined by an authority and embodied in a policy

• Other terms commonly used instead of privileges are:rights, authorizations, and entitlements

Date post:	10-Jun-2018
Category:	Documents
Upload:	dodat
View:	216 times
Download:	1 times

Chapter 4: Access Control - Missouri S&T 4: Access Control ... Auditing Figure 4.1 Relationship...

Documents