“None Shall Pass”

In “Monty Python and the Holy Grail”, King Arthur “rides” up to the Black Knight. The Black Knight refuses to acknowledge King Arthur’s requests nor resopnd to any question. He only says “None Shall Pass”. For those who haven’t seen the movie, a highly tense battle ensues with King Arthur defeating the Black Knight and riding past him. The Black Knight was there as an access control.

Access controls are one of the primary ways to ensure that privacy is maintained. The first access control strategy is “Deny By Default”. This means that even system administrators do not have access to data without going through certain processes or procedures. This helps prevent administrators from making mistakes as well as providing an important history of activity that allows for tracing back to who performed an action. If one student was able to submit another students homework, there would be a significant amount of challenges for grades.

The next step is to implement access by using a combination of these “Least Privilege Access” strategies. These strategies are used to allow those who need or are granted access to certain data or perform certain actions when needed. Here is a table of those strategies:

Access Control MechanismDescriptionExample in Educational Software Platform
Discretionary Access Control (DAC)Grants or restricts object access via policies determined by the object owner.A teacher sets a document in the course management system to be accessible only to specific students.
Mandatory Access Control (MAC)Regulates access based on predefined rules, often using classifications and security labels.The system classifies data into “Public”, “Sensitive”, and “Private”, and only allows staff with the appropriate clearance to access sensitive grading records.
Role-Based Access Control (RBAC)Assigns permissions to roles rather than individual users, and users acquire permissions based on their role.Users are assigned roles such as “Student”, “Teacher”, or “Administrator”, with different access rights to course materials, grades, and user information.
Attribute-Based Access Control (ABAC)Determines access based on attributes (user, system, and environmental), allowing for dynamic policy definitions.Access to final exam results is based on attributes such as student status, course enrollment, and date of exam completion.
Rule-Based Access ControlUses rules defined by system administrators to determine access based on specific conditions.Teachers can grant students extra credit or ability to correct responses based on certain amount of homework completed.
Time-Based Access ControlLimits access to resources based on the time of day or other temporal conditions.Students can only access certain lessons at specific times during the course.

You may be thinking this is way too many options and the implementation has to be a nightmare to manage. This may be true. However, when planned from the start it doesn’t haven’t be overly complex and many of the conditions can be handled by the owner. By planning on how data can be accessed the software design and architecture can be implemented in such away that it is simplified.

One advantage to these rules and processes is that when someone who is unauthorized to access the data is able to get access it usually is the result of a significant effort and time cost. It is also much easier to identify how that unauthorized access happened.

Now that we have identified the how to control access to the data, we can discuss how to protect the data when access controls are not possible, insufficient, or like the Black Knight, is defeated in battle.

Posted in Security and tagged , .