Methods for Information and Access Control
Publish date: 2014-12-31
Report number: FOI-R--4010--SE
Pages: 61
Written in: Swedish
Keywords:
- Access control
- information model
- separation of duty
- least privilege
- Lift
Abstract
The two concepts of separation of duty and least privilege are central in systems with high information security requirements. With respect to confidentiality, both are closely related to constraining access to information on a need-to-know basis. Two important factors for maintaining separation of duty and least privilege are therefore the access control policy and the information model used in the system. Limiting access to information at every level, physical as well as logical, improves the ability to prevent disclosure of sensitive information. The report describes information modeling from a theoretical perspective and summarizes a number of access control policies. Using these theoretical models, a study is performed in which the Lift system is examined to see how it implements these aspects in order to achieve separation of duty and least privilege. Lift is used as the example because it is a large-scale system holding large sets of information ranging from unclassified up to Hemlig/Top Secret. Lift has a clear division of information handling, partly through the use of separate subsystems and partly through user roles and access rights within each subsystem. Access rights are regulated through documented administrative processes and are assigned at a granularity suited to the user roles. The information objects in Lift are available only in the subsystems in which they are needed, which gives a physical separation of the information sets. The overall control of the information objects, and of access to them, ensures that separation of duty and least privilege hold in the system. One identified success factor in the design of Lift is that it was developed to support the business operations rather than to shape them.
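The abstract names four layers that together enforce separation of duty and least privilege: subsystem scoping of information objects, role-based permissions within a subsystem, classification levels, and need-to-know. The following Python model is an added illustration of how such layers compose in an access decision; it is not code from the report and does not reproduce the Lift system's implementation. The subsystem names, roles, classification ordering, compartments and users are all constructed for the example.

```python
"""Toy access control model combining static separation of duty (SoD),
subsystem scoping, clearance levels and need-to-know compartments.

Added illustration only: all roles, subsystems, levels, compartments and
users below are constructed; nothing here describes the real Lift system.
"""
from dataclasses import dataclass, field

# Linear ordering of classification levels (constructed labels).
LEVELS = ["Open", "Restricted", "Confidential", "Secret", "TopSecret"]


def level_rank(level: str) -> int:
    return LEVELS.index(level)


@dataclass(frozen=True)
class InfoObject:
    name: str
    subsystem: str    # the only subsystem in which the object exists
    level: str        # classification level
    compartment: str  # need-to-know compartment


# Roles are scoped to exactly one subsystem and carry a small permission set,
# so a role never grants anything outside the subsystem it belongs to.
ROLES = {
    "planner":   {"subsystem": "planning",  "perms": {"read", "write"}},
    "approver":  {"subsystem": "planning",  "perms": {"read", "approve"}},
    "auditor":   {"subsystem": "planning",  "perms": {"read"}},
    "logistics": {"subsystem": "logistics", "perms": {"read", "write"}},
}

# Static separation of duty: no user may hold both roles of a listed pair.
SOD_PAIRS = {
    frozenset({"planner", "approver"}),
    frozenset({"planner", "auditor"}),
}


@dataclass
class User:
    name: str
    clearance: str
    compartments: set
    roles: set = field(default_factory=set)


class SoDViolation(Exception):
    """Raised when a role assignment would break separation of duty."""


def assign_role(user: User, role: str) -> None:
    """Administrative step: grant a role unless it conflicts with one held."""
    if role not in ROLES:
        raise KeyError(f"unknown role {role!r}")
    for held in user.roles:
        if frozenset({role, held}) in SOD_PAIRS:
            raise SoDViolation(f"{user.name}: {role} conflicts with {held}")
    user.roles.add(role)


def try_assign(user: User, role: str) -> bool:
    """Convenience wrapper returning False instead of raising on SoD conflict."""
    try:
        assign_role(user, role)
        return True
    except SoDViolation:
        return False


def check_access(user: User, obj: InfoObject, action: str):
    """Return (allowed, reason). Every layer must pass, in order:
    subsystem scope, role permission, clearance level, need to know."""
    roles_here = {r for r in user.roles if ROLES[r]["subsystem"] == obj.subsystem}
    if not roles_here:
        return False, "no role in subsystem"
    if not any(action in ROLES[r]["perms"] for r in roles_here):
        return False, "role lacks permission"
    if level_rank(user.clearance) < level_rank(obj.level):
        return False, "insufficient clearance"
    if obj.compartment not in user.compartments:
        return False, "no need to know"
    return True, "ok"


def demo() -> dict:
    """Walk one constructed user through each layer and collect the outcomes."""
    anna = User("anna", clearance="Secret", compartments={"ops"})
    assign_role(anna, "planner")
    plan = InfoObject("plan", "planning", "Secret", "ops")
    return {
        "read_own_subsystem": check_access(anna, plan, "read"),
        "approve_without_role": check_access(anna, plan, "approve"),
        "sod_blocked": not try_assign(anna, "approver"),
        "other_subsystem": check_access(
            anna, InfoObject("depot", "logistics", "Restricted", "ops"), "read"),
        "over_clearance": check_access(
            anna, InfoObject("plan_ts", "planning", "TopSecret", "ops"), "read"),
        "wrong_compartment": check_access(
            anna, InfoObject("intel", "planning", "Confidential", "intel"), "read"),
    }


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:22s} -> {outcome}")
```

The point of ordering the checks this way is that the subsystem test runs first: an object that does not exist in a subsystem the user has any role in is refused before its classification or compartment is even consulted, which mirrors the physical separation of information sets the abstract describes. The SoD check sits on the administrative path (role assignment) rather than on the access path, since a conflicting combination should never be granted in the first place.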