What is an access control list (ACL)? How is an ACL related to an access control matrix?

What is Access Control List

Access Control List [ACL] refers to the set of permissions attached to an object that specifies which users are granted access to that object. It also specifies the operations those users may perform on the object.

A file system ACL contains entries that specify individual user or group rights to specific system objects such as programs, processes, and files. These entries are called access control entries [ACEs] in the Microsoft Windows NT, OpenVMS, UNIX, and Mac OS X operating systems. Moreover, each system object has a security attribute that identifies its ACL.

Networking ACLs provide rules that apply to port numbers or IP addresses available on a host. The list consists of the hosts that have permission to use the services. Individual servers and routers can have network ACLs. An ACL can be configured to control both inbound and outbound traffic, so it works in a similar way to a firewall. SQL-based systems such as ERP [Enterprise Resource Planning] and content management systems also contain ACL models in their administration modules.

What is Access Control Matrix

An access control matrix is one way of implementing a protection model. The matrix contains rows and columns. Rows represent domains; a domain can be a user, a process or a procedure. Columns represent the objects or resources. An example access control matrix is as follows.

Each entry in the matrix holds access-right information. In the entry access[Di, Oj], Di represents a process in domain i and Oj represents an object or resource. According to the above matrix, a process in domain 1 can read File 1, a process in domain 2 can take printouts, a process in domain 3 can execute File 3, and a process in domain 4 can write to File 2. This is how the access control matrix operates.

What Is an Access Control List

An access control list [ACL] contains rules that grant or deny access to certain digital environments. There are two types of ACLs:

  • Filesystem ACLs: filter access to files and/or directories. Filesystem ACLs tell operating systems which users can access the system, and what privileges the users are allowed.
  • Networking ACLs: filter access to the network. Networking ACLs tell routers and switches which type of traffic can access the network, and which activity is allowed.

Originally, ACLs were the only way to achieve firewall protection. Today, there are many types of firewalls and alternatives to ACLs. However, organizations continue to use ACLs in conjunction with technologies like virtual private networks [VPNs] that specify which traffic should be encrypted and transferred through a VPN tunnel.

Reasons to use an ACL:

  • Traffic flow control
  • Restricted network traffic for better network performance
  • A level of security for network access specifying which areas of the server/network/service can be accessed by a user and which cannot
  • Granular monitoring of the traffic exiting and entering the system

Domain 3: Security Engineering [Engineering and Management of Security]

Eric Conrad, ... Joshua Feldman, in CISSP Study Guide [Third Edition], 2016

Access Control Matrix

An access control matrix is a table that defines access permissions between specific subjects and objects. A matrix is a data structure that acts as a table lookup for the operating system. For example, Table 4.1 is a matrix that has specific access permissions defined by user and detailing what actions they can enact. User rdeckard has read/write access to the data file as well as access to the data creation application. User etyrell can read the data file and still has access to the application. User rbatty has no access within this data access matrix.

Table 4.1. User Access Permissions

Users       Data Access File #1    Data Creation Application
rdeckard    Read/Write             Execute
etyrell     Read                   Execute
rbatty      None                   None

The rows of Table 4.1 show the capabilities of each subject; each row is called a capability list. The columns of Table 4.1 show the ACL for each object or application.
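The relationship described above can be made concrete in code. The following is an added example (not from the CISSP Study Guide) that stores Table 4.1 as a sparse access control matrix and derives the ACL of an object (a column) and the capability list of a subject (a row) from the same data; the subject, object and right names are taken from Table 4.1, and absent cells are treated as "None", i.e. default deny.

```python
from collections import defaultdict


class AccessControlMatrix:
    """Sparse access control matrix: cells[(subject, obj)] -> set of rights.

    A missing cell means no access, which is how the "None" entries of
    Table 4.1 are represented without storing them explicitly.
    """

    def __init__(self):
        self._cells = defaultdict(set)
        self.subjects = set()
        self.objects = set()

    def grant(self, subject, obj, *rights):
        self.subjects.add(subject)
        self.objects.add(obj)
        self._cells[(subject, obj)].update(rights)

    def check(self, subject, obj, right):
        """Reference-monitor style lookup of one cell; default deny."""
        return right in self._cells.get((subject, obj), set())

    def acl(self, obj):
        """Column of the matrix: the ACL attached to one object."""
        return {s: frozenset(r) for (s, o), r in self._cells.items()
                if o == obj and r}

    def capabilities(self, subject):
        """Row of the matrix: the capability list held by one subject."""
        return {o: frozenset(r) for (s, o), r in self._cells.items()
                if s == subject and r}


def table_4_1():
    """Build the matrix shown in Table 4.1 (constructed sample data)."""
    m = AccessControlMatrix()
    m.grant("rdeckard", "Data Access File #1", "read", "write")
    m.grant("rdeckard", "Data Creation Application", "execute")
    m.grant("etyrell", "Data Access File #1", "read")
    m.grant("etyrell", "Data Creation Application", "execute")
    # rbatty is a subject in the matrix but holds no rights in any cell.
    m.subjects.add("rbatty")
    return m


if __name__ == "__main__":
    m = table_4_1()
    print("ACL of the data file:", m.acl("Data Access File #1"))
    print("Capabilities of rdeckard:", m.capabilities("rdeckard"))
    print("rbatty may execute the app?",
          m.check("rbatty", "Data Creation Application", "execute"))
```

Enumerating an ACL walks one column, enumerating a capability list walks one row, and an access decision reads a single cell; all three views are derived from the same matrix, so they can never disagree.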

Source: https://www.sciencedirect.com/science/article/pii/B9780128024379000047
