Access control (IT)

Access control (Engl. Admission control ) is in computer science ensures that a computer communication allows only authorized users or computers. A distinction is made between access control services for implementing access control and access-controlled services that can only be used after successful access control. The access control regulates the graduated use of resources .

principle

First the identity of the communication partner must be requested. Pseudonyms can also be permitted. The communication relationship is only continued if the identity is checked ( authentication ). A person can be recognized by a computer based on their biological characteristics ( biometrics ), their knowledge (e.g. username with password) and their possessions (e.g. ID, smart card ). A person can protect himself from a computer by identifying it by external features (e.g. housing, hologram , contamination), his knowledge or his location. Computers can only recognize each other through their knowledge and possibly through the origin of the line. The identity check can be carried out either at the beginning or permanently, during the entire communication.

implementation

In the technical implementation, the interests of the participants (possibly represented by their end devices ) and the provider of the access-controlled services must be taken into account. For the participant this can be, for example:

Confidentiality (e.g. avoidance of unnecessary log data), anonymity
reachability

Protection goals of the provider can be:

Integrity / authenticity
Availability
Non-contestability (legally binding)

Access control services are usually implemented in connection with cryptographic systems (encryption, authentication) in order to increase security against attacks.

Individual evidence

↑ Hannes Federrath: Slides for the lecture IT security management , set of slides computer security ( Memento from May 9, 2010 in the Internet Archive ) (Status: August 24, 2008; PDF; 2.1 MB)

↑ ^a ^b Uwe Schneider, Dieter Werner (Hrsg.): Taschenbuch der Informatik , 5th edition 2004, Fachbuchverlag Leipzig, p. 470 http://www-sec.uni-regensburg.de/publ/2000/FePf2000TBI.pdf ( Link not available)

↑ Andreas Pfitzmann: Script Security in Computer Networks (PDF; 1.8 MB) p. 21ff

↑ Dressel, Scheffler (Hrsg.): Rechtsschutz gegen Dienstpiraterie , Verlag CH Beck, Munich 2003, relevant chapter The technology of access control services http://www-sec.uni-regensburg.de/publ/2003/CATechnik2003.pdf (Link not retrievable)

[1] Hannes Federrath: Slides for the lecture IT security management , set of slides computer security ( Memento from May 9, 2010 in the Internet Archive ) (Status: August 24, 2008; PDF; 2.1 MB)

[TB_Informatik-2] Uwe Schneider, Dieter Werner (Hrsg.): Taschenbuch der Informatik , 5th edition 2004, Fachbuchverlag Leipzig, p. 470 http://www-sec.uni-regensburg.de/publ/2000/FePf2000TBI.pdf ( Link not available)

[3] Andreas Pfitzmann: Script Security in Computer Networks (PDF; 1.8 MB) p. 21ff

[Rechtsschutz-4] Dressel, Scheffler (Hrsg.): Rechtsschutz gegen Dienstpiraterie , Verlag CH Beck, Munich 2003, relevant chapter The technology of access control services http://www-sec.uni-regensburg.de/publ/2003/CATechnik2003.pdf (Link not retrievable)

Access control (IT)

contents

principle

implementation

See also

Individual evidence