The Security Model
ACSLS security requirements arise from the need to protect data: first, from accidental loss and corruption; and second from deliberate unauthorized attempts to access or alter that data. Secondary concerns include protecting against undue delays in accessing or using data, or even against interference to the point of denial of service.
The critical security features that provide these protections are:
- Authentication – ensures that only authorized individuals get access to the system and data.
- Authorization – provides access control to system privileges and data. This builds on authentication to ensure that individuals only get appropriate access.
- Audit – allows administrators to detect attempted breaches of the authentication mechanism and attempted or successful breaches of access control.