
Access control is an important part of security. Its main aim is to minimise the security risk of unauthorised access and protect a building and its occupants against threats from intruders.
Access control systems simplify security in several ways and can benefit anyone with security needs. They are slowly replacing traditional keys due to the variety of benefits that they offer and are becoming popular in various industries including healthcare, government, enterprise, education, residential and commercial flats, and small and medium-sized businesses.
A user who wishes to enter an access-controlled location presents their credentials to the system, after which they are verified and access is either granted or denied based on the access permissions.
Access control systems can be housed on a local server or the cloud, and can be controlled via different credential types such as access cards, codes, biometrics, or mobile devices.
When it comes to setting permissions, there are five options for how you can manage them:
- Discretionary access control
- Mandatory access control
- Role-based access control
- Rule-based access control
- Attribute-based access control
Read on for more information on attribute-based access control, how it works, its advantages and disadvantages, and how to choose the right access control model for your security needs:
WHAT IS ATTRIBUTE-BASED ACCESS CONTROL (ABAC)?
Attribute-based access control (ABAC), also called policy-based access control (PBAC) and claims-based access control (CBAC), is an authorisation system that determines user access and permissions based on their characteristics, or attributes, instead of their roles.
It is derived from role-based access control (RBAC), but while RBAC covers broad access, ABAC controls access on a more detailed level.
Attribute-based access control is built on defining a set of attributes for the different elements of the system. It comprises several components, the main ones being the attributes.
These refer to the character of the elements in the system or the user characteristics such as their department, position, clearance level, and even their IP address. They can also refer to environmental characteristics such as the time, date, and location.
The ABAC model can be used by organisations of different sizes, but its best use is within large organisations with many users.
HOW DOES ATTRIBUTE-BASED ACCESS CONTROL WORK?
It is important to note that the attributes in an attribute-based access control system are not just of the users. They are also of the accessed resource, the overall system, and anything else that may be relevant in the situation.
ABAC policies are based on a combination of four different elements: who can do what with a resource and in what context.
ABAC systems make access rules and decisions by studying how the attributes interact in an environment and creating rules that determine access for a set of attributes if certain conditions are met.
The system uses these policies to grant or deny access. When an access request is triggered, the system scans the attributes to determine if they match the existing access policies. If the attributes match a policy, access is granted to the user.
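The evaluation described above can be sketched as a small policy engine. This is an added example, not code from the original article or from any product; the policy names, attribute names and values are hypothetical, and it assumes that a request matching no policy is denied.

```python
from datetime import time

# Constructed sample policies. Each one states who (subject) can do what
# (action) with a resource, and in what context (environment).
# All attribute names and values are hypothetical.
POLICIES = [
    {
        "name": "research-lab-daytime",
        "subject": {"department": "research", "clearance": lambda c: c >= 2},
        "action": {"type": "enter"},
        "resource": {"zone": "lab"},
        "environment": {"time": lambda t: time(7, 0) <= t <= time(19, 0)},
    },
    {
        "name": "facilities-plant-room",
        "subject": {"department": "facilities"},
        "action": {"type": "enter"},
        "resource": {"zone": "plant-room"},
        "environment": {"location": "main-site"},
    },
]
ELEMENTS = ("subject", "action", "resource", "environment")


def _matches(conditions, attributes):
    """True only if every condition is met by a present attribute."""
    for key, expected in conditions.items():
        if key not in attributes:
            return False  # a missing attribute never satisfies a condition
        actual = attributes[key]
        if callable(expected):
            if not expected(actual):
                return False
        elif actual != expected:
            return False
    return True


def decide(request, policies=POLICIES):
    """Return (decision, policy_name); no matching policy means deny."""
    for policy in policies:
        if all(_matches(policy[e], request.get(e, {})) for e in ELEMENTS):
            return "grant", policy["name"]
    return "deny", None
```

Returning the name of the matching policy alongside the decision gives the access log a record of why each door opened.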
ADVANTAGES OF ATTRIBUTE-BASED ACCESS CONTROL
The advantages of using attribute-based access control include:
- Granularity – since the system uses attributes instead of roles to specify access policies and permissions, the system administrators can create targeted rules without having to create additional roles.
- Flexibility – attribute-based access control system policies are flexible and easy to adapt to changing users and resources. Instead of modifying the rules or creating new ones, the system admins need only assign the relevant attributes to the new users or resources.
- Adaptability – an attribute-based system makes it easy to add and revoke permissions by allowing the system admins to modify attributes. This simplifies employee turnover as well as temporary access for contractors and part-time employees.
- Security – the system allows admins to create more context-sensitive rules according to the security needs so that they can better protect user privacy and be compliant without needing a high degree of technical knowledge.
An attribute-based access control system, whether stand-alone or as a part of a hybrid solution with RBAC, requires time, effort, and resources to implement.
It may require defining hundreds and thousands of attributes, establishing complex rules and policies, and successfully implementing them. However, once it is successfully implemented, it is highly secure and scalable.
OTHER TYPES OF ACCESS CONTROL MODELS
There are access control models other than attribute-based systems. They include:
Discretionary access control (DAC)
Discretionary access control (DAC) is less restrictive compared to other types of access control and is a good choice for homes and smaller businesses where security is required for one or two doors.
It is a standalone access control system and gives the end-users complete control over who can come and go, allowing them to set access permissions for other people.
Mandatory access control (MAC)
Mandatory access control (MAC) is more secure than a DAC system and is a good choice for areas that need increased security.
It ensures that the end-user doesn’t control the access permissions and it is, in fact, the system administrator who does. Using this system, the system admin gives the end-users access to certain areas and not others.
Due to the high level of security provided by MAC, it is generally used in organisations with an increased emphasis on security and data confidentiality, such as military and scientific sites.
Role-based access control (RBAC)
In a role-based access control (RBAC) system, access permissions are assigned to the users based on their role within an organisation.
This type of system puts the system administrator in charge of access control: instead of permissions being assigned to each person individually, users receive them automatically through their role.
RBAC is ideal for large businesses with lots of employees, but can also be useful for smaller businesses looking for extra security.
Rule-based access control (RBAC)
Rule-based access control sets access permissions according to a predetermined set of rules that allow or deny users access within the system regardless of their role or position in the organisation.
Under this access control model, security administrators set rules that determine how, when, and where the employees of an organisation can access areas, spaces, and resources.
ABAC VS RBAC
Attribute-based access control (ABAC) is derived from role-based access control (RBAC), except that RBAC assigns access permissions based on the user’s roles whereas ABAC controls access on a more detailed level.
ABAC enables system administrators to extend the existing roles using attributes and policies. It offers the context required to make smart authorisation decisions, and instead of granting access based only on roles, ABAC accounts for the relevant actions, resources, location, and time as well.
ABAC access policies and permissions are based on individual attributes and include context. It eliminates the need for several roles and enables the system administrators to change and update the attributes without rewriting the policy. Since ABAC requires significantly fewer roles, it offers simpler identity management as a result.
Organisations usually start with a simple RBAC implementation since it is easy to set up and maintain. As the organisation grows and has more sensitive assets to protect, they realise the need for more sophisticated access control, which is where a hybrid of RBAC and ABAC comes in.
RBAC and ABAC can be used together, where the former lays the foundation and the latter fills in the details and technicalities. This combined model is called RBAC-A.
There are several ways to implement the hybrid RBAC-A access model in an organisation:
- Using the roles in RBAC as one of the user attributes in ABAC. The role attribute is used to determine a set of required attributes for a particular organisational role.
- Adding attributes to constrain roles so that RBAC is used to define the basic rules of access control, whereas ABAC is used to reduce the permissions available to a user based on specific criteria.
- Setting dynamic roles according to other attributes defined in ABAC. For example, the user’s current location can either add or remove them from a certain role.
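The second and third approaches in the list above can be combined in one check: roles grant the base permissions, attributes can only narrow them, and a location attribute adds or removes a dynamic role. This is an added example, not code from the original article; all role, permission and attribute names are hypothetical.

```python
# Constructed sample data: the RBAC layer maps each role to base permissions.
ROLE_PERMISSIONS = {
    "engineer": {"office:enter", "server-room:enter"},
    "receptionist": {"office:enter"},
    "on-site-responder": {"plant-room:enter"},
}

# The ABAC layer: constraints that can only reduce what a role grants.
# Missing attributes fall back to values that fail the check.
CONSTRAINTS = {
    "server-room:enter": lambda user, env: (
        user.get("clearance", 0) >= 3 and 8 <= env.get("hour", -1) < 18
    ),
}


def effective_roles(user, env):
    """Static roles plus the dynamic role decided by current location."""
    roles = set(user.get("roles", []))
    if user.get("responder") and env.get("location") == "on-site":
        roles.add("on-site-responder")
    else:
        roles.discard("on-site-responder")
    return roles


def is_allowed(user, permission, env):
    """Grant only if a role holds the permission and no constraint fails."""
    granted = set()
    for role in effective_roles(user, env):
        granted |= ROLE_PERMISSIONS.get(role, set())
    if permission not in granted:
        return False  # attributes never add a permission no role holds
    constraint = CONSTRAINTS.get(permission)
    return constraint(user, env) if constraint else True
```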
HOW TO CHOOSE THE RIGHT ACCESS CONTROL MODEL?
When it comes to choosing the right access control model for your property, you need to give it proper thought as it will lay the foundation for access control and prevent unauthorised access.
Each model has its own set of benefits and limitations, so it is important to evaluate each one to determine which will be the best fit for your organisation.
The decision is based on several factors and you need to choose one that suits your unique needs and requirements.
If you are looking for flexibility and ease of use, go for a Discretionary Access Control (DAC) system. For maximum security, a Mandatory Access Control (MAC) system would be best. If you want a balance of security and ease of use, you may consider Role-Based Access Control (RBAC), Rule-Based Access Control (RBAC), or Attribute-Based Access Control (ABAC).
Identifying the best access control solution for your property will depend on a variety of factors that include:
Identifying your security needs and requirements
Before you select an access control system, it is very important to understand the specific security needs and requirements of your property.
A hospital may have different access control needs than a retail store, and a retail store may have different access control needs than an office building. Keeping that in mind, it is very important to identify your needs and requirements to help you determine the access control model that best fits your property’s needs.
Considering the size and nature of your property
Some access control models are better suited for smaller properties with a few users, whereas others are better for larger organisations with several users.
A small business may not need the same level of security as a large organisation, and its security needs may not be as complex.
Taking into account the cost and scalability of the system
When choosing an access control system, it is best to think about future growth and business outlook so that it remains relevant in the long run. A flexible and scalable system would allow the system to accommodate growth in terms of the property size and the number of users.
As far as the cost is concerned, some access control systems are more expensive than others and you need to keep in mind both your budget and security needs and strike the right balance between them.
Choosing the best authentication method
There are several authentication methods for access control systems, including access cards, key fobs, keypads, biometrics, and mobile access control. Deciding which one is suitable for your needs depends on the level of security you require, the size of the property, and the number of users.
Key cards and fobs are among the most commonly used credential types for access control systems. Although they are easier to manage than traditional keys, they need to be replaced if they are lost or compromised, in which case you would have to incur an additional cost.
Biometric entry systems use fingerprint, iris, or facial scanners, and are a great option for properties that need additional advanced security such as data centres, financial institutions, government buildings, and other high-security areas.
Although they are more expensive to implement, changing and updating access permissions is incredibly easy and cost-effective. With mobile-based access control, you can turn your mobile phone into a key and use an app to gain access.
Considering the required features and integrations
Access control systems come with a range of functions such as access reporting, real-time notifications, and remote monitoring via computer or mobile. You must select the features your property requires and have a custom-made solution for your needs.
Access control can also be integrated with other security systems such as burglar alarms, CCTV systems, and fire alarms to provide a more comprehensive security solution.
CONTACT CALDER SECURITY
Calder Security provides access control system services for homes and businesses that include professional installation, maintenance, and repair.
We’ve been working in the security industry since 1976 and partner with only the best brands. Our MLA-approved locksmiths can advise you on the best type of system for your property by helping you assess your security needs and requirements.
Because an access control system operates the locking and unlocking mechanism of your door, installation must be completed properly by someone with detailed knowledge of how these systems work.
We are SSAIB-approved installers and can work with all types of access control systems including intercom, proximity fob, card swipe, and keypad. We also offer biometric systems that use fingerprints or retina scans.
Access control systems are very reliable and will last a long time. But like any technology, they require periodic maintenance to continue working as they should.
We conduct annual servicing to keep your system working well and give it a full check including checking the battery strength, power supply, and connections.
While generally very reliable, sometimes problems may occur with access control systems that can potentially compromise the security of your property.
Common issues include simple wear and tear or faults with the power supply or batteries, and to preserve the security of your property, you need to get the problems fixed ASAP.
We operate a 24-hour emergency service run by qualified security specialist engineers who understand access systems and can resolve issues efficiently and effectively.
Contact us here or call us on 0800 612 9799 for a quick consultation and more information on access control models and how to choose the right one for your property!