Access control systems authenticate users and enforce authorization, avoiding that attackers or unauthorized users reach unpermitted services and resources, modify system configurations, and take control of them.
Access control is needed to identify actors who try to interact with the system, or take place in a network, and it defines if they are authorized or not.
The installation of backdoors in the system, and the exfiltration of data from it can be prevented or at least made more difficult if an access control is implemented. Furthermore, it can protect from alteration of system settings, disablement of defenses, or from the deletion of logs.Without the access control, the attacker could take control of the asset, abusing the resources, misconfiguring OBCP to hijack or damage it, he can interrupt the provided services or also take possession of the spacecraft, changing the cryptographic keys. [1]
Domain | ID | Name | Use | |
---|---|---|---|---|
T1489 | .001 | Service Stop: Ground system loss | ||
T2035 | Side-channel exfiltration | |||
T2026 | .001 | Temporary loss to telecommand satellite: Replace session keys |