Before you start
Objectives: learn what are the main goals of security and access control, and how do we describe it.
Prerequisites: no prerequisites.
Key terms: term, access, confidentiality, data, aaa, authentication, integrity, accounting, authorization, availability, cia
CIA of Security
The first term we should be familiar with is Confidentiality, which means that only some people have access to some data. To ensure confidentiality we often use encryption. So, when we talk about cryptography we also talk about confidentiality using encryption.
Another term is Integrity, which means that data has not been modified or tampered during transfer. To ensure data integrity we often use hashing. Hashing is also part of cryptography.
The next term is Availability, which means that the data is available when we need it.
Those first three terms (Confidentiality, Integrity and Availability) are often called the CIA of security.
AAA of Remote Access
The next term we should be familiar is Authentication, which we use to describe situations when we need to identify who we are and we prove that we are who we say we are. For example, username and password is one mode of authentication.
The next term is Authorization, which we use to describe what access authenticated user has. Basically, we describe what the user is authorized to work with.
The next term is Accounting, which is used to describe logging. Looging means keeping track of what someone did on the system.
Authentication, Authorization and Accounting are often referd to as the AAA of remote access.
Non-repudiation
The last term we need to be familiar with is Non-repudiation, which we use to describe situations in which we need to ensure that something was done by exactly someone. To do that we use digital signatures. For example, when someone sends an email using digital signature, he can’t later deny that he sent it. Digital signature is used to identify the source of the data.
Remember
The CIA of Security refers to confidentiality, integrity, and availability. Those are the three main goals of security. AAA refers to authentication, authorization, and accounting. AAA is used in the process of access control to secured resources.