• All the protected resources in Java applications are accessed only through the system domain
  • Protected resources include keyboard, AWT, printing systems, networking facilities and file systems
  • Permissions of running programs are checked by calling the method SecurityManager.checkPermission(), ensuring proper permissions are given to the objects
  • While checking permissions, SecurityManager.checkPermission() invokes AccessController.checkPermission() to verify the permissions

Access Control Model (Cont’d)

  • The AccessController.checkPermission() method obtains the ProtectionDomain of each class on the thread's stack
  • All these ProtectionDomains are composed into a java.security.AccessControlContext object
  • The implies() method is invoked on each ProtectionDomain, with the permission object to check passed as a parameter
  • If the ProtectionDomain of a stack frame implies the checked permission, the check continues with the next frame on the stack
  • Testing continues until the end of the stack, which establishes that all the thread's classes have the proper permission for the operation to succeed

  • If even one ProtectionDomain in the thread's stack does not have the checked permission, access to the resource is denied and a SecurityException is thrown
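
The stack walk described above, modelled as an added example (not code from the original slides or from the JDK source). The class StackWalkModel, its two helper methods, the frame lists and the file paths are constructed for illustration; ProtectionDomain.implies(), Permissions and FilePermission are the real java.security and java.io APIs.

```java
import java.io.FilePermission;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.util.List;

// Added illustration: a model of the stack walk, not the JDK's AccessController code.
public class StackWalkModel {

    // Build a ProtectionDomain holding a fixed (static) set of permissions.
    static ProtectionDomain domain(Permission... granted) {
        Permissions perms = new Permissions();
        for (Permission p : granted) perms.add(p);
        return new ProtectionDomain(null, perms); // no CodeSource needed for the model
    }

    // Walk the frames in order; every domain on the stack must imply the permission.
    static void checkPermission(List<ProtectionDomain> stack, Permission perm) {
        for (int frame = 0; frame < stack.size(); frame++) {
            if (!stack.get(frame).implies(perm)) {
                throw new SecurityException("denied at frame " + frame + ": " + perm);
            }
        }
        // Reaching the end of the stack means every caller holds the permission.
    }

    public static void main(String[] args) {
        // Constructed sample domains and paths.
        ProtectionDomain library = domain(new FilePermission("/tmp/-", "read,write"));
        ProtectionDomain app = domain(new FilePermission("/tmp/-", "read"));
        ProtectionDomain plugin = domain(); // untrusted code with no permissions

        Permission read = new FilePermission("/tmp/report.txt", "read");
        Permission write = new FilePermission("/tmp/report.txt", "write");

        checkPermission(List.of(library, app), read);
        System.out.println("read allowed: every frame implies it");
        try {
            checkPermission(List.of(library, app), write); // app lacks write
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
        try {
            // A privileged library called by unprivileged code is still denied.
            checkPermission(List.of(library, plugin, app), read);
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

The third call shows why the walk covers the whole stack: a trusted library cannot be used by less-privileged code to reach a resource that code could not reach on its own.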

  • Both authentication and authorization play an important role in information security and together form access control

Access control comprises three models:

  1. Discretionary access control (DAC)
  2. Mandatory access control (MAC)
  3. Role-based access control (RAC)