30. Security Models and Concepts - Intro Flashcards
Security Models and Concepts - Intro
Discretionary Access Control
(DAC)
Subjects have full control of objects they have created or been given access to
- Discretion of the data owner
- They can give as much or as little access as they want. It's at their discretion, e.g. sharing files on your computer
Mandatory Access Control
(MAC)
System-enforced access control based on the subject's clearance or the object's labels
- Military or highly secure organisations
- Defined by labels and you have access to a subset of a subset of labels
- e.g. top secret access doesn't give you access to everything, but you might have access to top secret - nuclear program
Role Based Access Control
(RBAC)
Access to objects granted based on the role of the subject
- Based on your role in the organisation
- Security administrator gets security administrator rights. Predefined permissions and you assume a role
- Enforce correctly when users move roles, as otherwise there can be privilege creep
- Heavily used in private sector
Attribute Based Access Control
(ABAC)
Access to objects granted based on subjects, objects, and environmental conditions
- Subject (user) - name, role, ID, clearance
- Object (resource) - Name, owner, date of creation
- Environment - Location, time of access, threat levels
- More used in private sector
Rule Based Access Control
(RUBAC)
Access granted based on IF/THEN statements
- A firewall is an example. If you do this on that port, drop the traffic