INVITATION TO CYBERSECURITY 208

Table 8.3 A summary of the Bell-LaPadula and Biba models for MLS schemes.

Companies may also control access to data using a classification system. For example, they may visibly watermark documents using categories such as sensitive, confidential, proprietary, or not for distribution. A visible watermark is a conspicuous marking in the background of a document (see Figure 8.8). Organizations can develop processes around marking and handling documents. Seeing the marking reminds employees to be careful when distributing the information in digital and printed form.

Figure 8.8 A corporate document watermarked confidential.

8.2.3 Authorization in Applications

Authorization is also a concern for many desktop, web-based, and smartphone applications. Most applications need some kind of authorization functionality for the services and data they provide. Many use a simple scheme that classifies users into a small number of roles such as viewer and admin. Then, based on their role, users are able to perform actions and access data. This method of managing authorization is called role-based access control (RBAC).

For example, in a web application used by the human resources division of a company, the web server could serve a “Manage Employee Salaries” webpage to users in the admin role, but not to users in the viewer role. If an employee in the viewer role tried to access the webpage, the web server’s answer to the “Are you allowed to do that?” question would be “No!” and the user would receive a permissions error.
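The RBAC decision described above, written out as an added example (not code from the textbook): a deny-by-default check in which each page declares the permission it needs and each role lists the permissions it grants. The role names, permission strings and page paths are assumptions chosen for illustration.

```python
# Added example (not from the textbook): a deny-by-default RBAC check
# for an HR web application. Roles, permissions and page paths are
# assumptions for illustration.
from dataclasses import dataclass

# Each role maps to the set of permissions it grants. "admin" lists
# everything "viewer" can do, so the hierarchy is explicit, not implied.
ROLE_PERMISSIONS = {
    "viewer": {"employee:read"},
    "admin": {"employee:read", "salary:read", "salary:write"},
}

# Each page declares the permission it requires. A page not listed here
# is denied to everyone, which is the deny-by-default posture.
PAGE_REQUIRES = {
    "/employees": "employee:read",
    "/manage-salaries": "salary:write",
}


@dataclass(frozen=True)
class User:
    name: str
    role: str


def is_authorized(user, page):
    """Answer the "Are you allowed to do that?" question for one request."""
    required = PAGE_REQUIRES.get(page)
    if required is None:
        return False  # unknown page: deny rather than assume it is public
    granted = ROLE_PERMISSIONS.get(user.role, set())  # unknown role: no permissions
    return required in granted


def serve(user, page):
    """Return the HTTP status the server would send for this request."""
    if is_authorized(user, page):
        return 200
    # The "No!" answer from the text: the viewer gets a permissions error.
    # Logging denied requests here gives the SOC a signal for probing.
    return 403


if __name__ == "__main__":
    for u in (User("alice", "admin"), User("bob", "viewer"), User("eve", "guest")):
        for p in ("/employees", "/manage-salaries", "/secret-debug"):
            print(u.name, p, serve(u, p))
```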