Today's information systems need reliable, flexible and secure methods to provide public and confidential information to different groups of people: partners, customers, suppliers, and employees. There are a number of available remote access techniques, and a range of cutting-edge products allowing dialup, VPN, Web, Citrix, and wireless access. However, information systems face significant challenges in integrating multiple cutting-edge products and providing a manageable framework for efficient access control software. Since many kinds of people need easy access to business-critical information, the challenge is to make sure that only the right people have access to the right information. This chapter presents various methods and techniques for controlling users' access to information system resources. Different approaches that help ensure that only authorized users can access secured resources are discussed. This chapter also covers the basics of access control, the general methods and techniques used to manage access to resources, some common attacks launched against access control systems, and the generalization of the basic Security Techniques specification for protecting confidential resources in Web-based distributed systems.
This chapter is organized as follows: Section I gives an overview of information system security, the different attack techniques, and the access control methodologies that facilitate the creation and deployment of basic security methods. In Section II we identify the security risks and problems and the threats to information systems. The external binding attacks and platform security problems are identified in Section III. Section IV discusses several access control techniques for protecting information systems and presents some intrusion detection systems. In Section V, distributed systems security problems are discussed, and the solutions proposed in Sections VI and VII are applied to solve them. Finally, Section VIII gives some concluding remarks.