Access Control Flashcards

Main Concepts and Practice Questions

1
Q

Which of the following is an example of Logical Access Control?

a) Using a proximity card to enter a building

b) Using a username and password to access a computer

c) Installing a security camera

d) Hiring a security guard

A

Answer:
b) Using a username and password to access a computer

Explanation:
Logical access control limits access to computer systems, networks, files, and data.
Using a username and password is a common method of logical access control.

2
Q

Which component of access control is responsible for verifying the identity of a user?

a) Authorization

b) Access

c) Authentication

d) Audit

A

Answer:
c) Authentication

Explanation: Authentication is the process of proving an assertion, such as the identity of a user.

3
Q

What is the purpose of the principle of least privilege?

a) To give all users the same level of access

b) To give users more access than they need

c) To minimize the risk of misuse of resources by granting users only the necessary access

d) To make access control management more complex

A

Answer:
c) To minimize the risk of misuse of resources by granting users only the necessary access

Explanation:
The principle of least privilege minimizes the risk of resource misuse by ensuring users only have the access they need to perform their job functions.

4
Q

In the Lampson Access Matrix, what does a cell represent?

a) A subject

b) An object

c) The operations a subject can perform on an object

d) A security level

A

Answer:
c) The operations a subject can perform on an object

Explanation:
In the Access Matrix, each cell defines the operations that a specific subject can perform on a specific object.

5
Q

What is a “Trojan horse” in the context of computer security?

a) A hardware device that controls access

b) A program that appears benign but has a malicious function

c) A type of access control model

d) A method of physical access control

A

Answer:
b) A program that appears benign but has a malicious function

Explanation:
A Trojan horse is a program that disguises itself as harmless but performs malicious actions.

6
Q

Which of the following is a property of a reference monitor?

a) It can be easily modified by untrusted processes

b) It only checks access control policies occasionally

c) It is tamperproof

d) It does not need to be verifiable

A

Answer:
c) It is tamperproof

Explanation:
A reference monitor must be tamperproof to ensure that it cannot be bypassed or modified by unauthorized entities.

7
Q

Which access control model assigns privileges based on rules specified by users?

a) Mandatory Access Control (MAC)

b) Discretionary Access Control (DAC)

c) Role-Based Access Control (RBAC)

d) Rule-Based Access Control (RuBAC)

A

Answer:
b) Discretionary Access Control (DAC)

Explanation:
DAC allows the owner or administrator of a resource to set policies for who is allowed access.

8
Q

Which access control model uses roles and user groups to determine access privileges?

a) Mandatory Access Control (MAC)

b) Discretionary Access Control (DAC)

c) Role-Based Access Control (RBAC)

d) Rule-Based Access Control (RuBAC)

A

Answer:
c) Role-Based Access Control (RBAC)

Explanation:
RBAC assigns roles to subjects and configures access permissions at the role level.

9
Q

Which access control model is well-suited for enforcing global policies in network equipment like firewalls?

a) Mandatory Access Control (MAC)

b) Discretionary Access Control (DAC)

c) Role-Based Access Control (RBAC)

d) Rule-Based Access Control (RuBAC)

A

Answer:
d) Rule-Based Access Control (RuBAC)

Explanation:
RuBAC uses rule lists that apply globally, making it suitable for network equipment and environments requiring strict global policies.

10
Q

What is a key characteristic of Attribute-Based Access Control (ABAC)?

a) It relies solely on predefined roles.

b) It evaluates attributes at the time of attempted access.

c) It is less flexible than Role-Based Access Control.

d) It is not suitable for cloud environments.

A

Answer:
b) It evaluates attributes at the time of attempted access.

Explanation:
ABAC evaluates attributes in real-time, allowing for contextual and dynamic access control policies.

11
Q

Which access control component involves validating personal identity documents?

a) Authorization

b) Access

c) Authentication

d) Audit

A

Answer:
c) Authentication

Explanation:
Authentication can involve validating identity documents to verify a person’s identity.

12
Q

What does the ‘protection state’ in an access control system define?

a) The hardware components of the system

b) The users of the system

c) Permissions and policies

d) The physical location of the system

A

Answer:
c) Permissions and policies

Explanation:
The protection state defines the permissions (i.e., policy) and determines how security goals are met.

13
Q

What is the primary function of an ‘enforcement mechanism’ in access control?

a) To define permissions

b) To manage user accounts

c) To enforce the protection state

d) To audit user activity

A

Answer:
c) To enforce the protection state

Explanation:
The enforcement mechanism enforces the protection state on the system.

14
Q

In the context of access control, what does ‘complete mediation’ mean?

a) Bypassing access control checks for performance

b) Checking access control policy before every security-sensitive operation

c) Allowing users to modify access control policies

d) Delegating access control to users

A

Answer:
b) Checking access control policy before every security-sensitive operation

Explanation:
Complete mediation means that the access control policy is checked every time a security-sensitive operation is requested.

15
Q

Which access control model is characterized by high security and consistency but also has drawbacks like a rigid format and manual burden?

a) Discretionary Access Control (DAC)

b) Mandatory Access Control (MAC)

c) Role-Based Access Control (RBAC)

d) Rule-Based Access Control (RuBAC)

A

Answer:
b) Mandatory Access Control (MAC)

Explanation:
MAC is known for its high security and consistency but can be rigid and require significant manual administration.

16
Q

What is a disadvantage of Discretionary Access Control (DAC)?

a) Centralized security

b) Flexibility

c) Lack of security

d) Automation

A

Answer:
c) Lack of security

Explanation:
DAC’s flexibility can lead to weaker security due to its reliance on individual users to set access policies.

17
Q

Which access control model is rule-based and commonly used in network equipment like firewalls?

a) Discretionary Access Control (DAC)

b) Mandatory Access Control (MAC)

c) Role-Based Access Control (RBAC)

d) Rule-Based Access Control (RuBAC)

A

Answer:
d) Rule-Based Access Control (RuBAC)

Explanation:
RuBAC uses rule lists to define access parameters and is commonly used in network devices.

18
Q

What is the benefit of Role-Based Access Control (RBAC)?

a) Granular policies

b) Decentralized management

c) Intuitive policies

d) High management overhead

A

Answer:
c) Intuitive policies

Explanation:
RBAC provides intuitive policies, making it easier to understand and manage access privileges based on roles.

19
Q

In Attribute-Based Access Control (ABAC), what is used to form policy rules?

a) User roles

b) Security levels

c) Attributes

d) Rule lists

A

Answer:
c) Attributes

Explanation:
ABAC uses attributes to define and qualify access parameters, offering more flexibility than role-based systems.

20
Q

Which access control model is highly suitable for cloud and remote environments due to its flexibility and context-awareness?

a) Discretionary Access Control (DAC)

b) Mandatory Access Control (MAC)

c) Role-Based Access Control (RBAC)

d) Attribute-Based Access Control (ABAC)

A

Answer:
d) Attribute-Based Access Control (ABAC)

Explanation:
ABAC is well-suited for cloud and remote environments because it can handle complex rules and consider context.

21
Q

What is the difference between physical and logical access control?

A

Answer:
Physical access control limits access to physical assets like buildings;

Logical access control limits access to digital assets like data and computer systems.

22
Q

List the five components of access control.

A

Answer:
Authentication,
Authorization,
Access,
Manage,
and Audit.

23
Q

Define “Authentication”.

A

Answer:
Authentication is the act of proving an assertion, such as the identity of a person or computer user.

24
Q

Define “Authorization”.

A

Answer:
Authorization is the function of specifying access rights or privileges to resources.

25
Q

What is an access control system?

A

Answer:
An access control system consists of a protection state (defines permissions) and an enforcement mechanism (enforces the protection state).

26
Q

What is an access matrix?

A

Answer:
An access matrix is a technique to represent the protection state, showing what operations subjects can perform on objects.

27
Q

What is a reference monitor?

A

Answer:
A reference monitor is an enforcement mechanism that checks if a request is authorized by the access control policy.

28
Q

What are the three essential properties of a reference monitor?

A

Answer:
1. Complete mediation
2. Tamperproof
3. Verifiable

29
Q

Name four access control models.

A

Answer:
Discretionary Access Control (DAC)
Mandatory Access Control (MAC)
Role-Based Access Control (RBAC)
Rule-Based Access Control (RuBAC)

30
Q

What is Discretionary Access Control (DAC)?

A

Answer:
DAC is an access control method where the owner of a resource sets the policies for who is allowed to access it.

31
Q

What is Mandatory Access Control (MAC)?

A

Answer:
MAC is an access control method where the operating system enforces access permissions and restrictions based on security levels.

32
Q

What is Role-Based Access Control (RBAC)?

A

Answer:
RBAC is an access control method that uses roles and user groups to determine access privileges.

33
Q

What is Rule-Based Access Control (RuBAC)?

A

Answer:
RuBAC is an access control method that uses rule lists to define access parameters.

34
Q

What is Attribute-Based Access Control (ABAC)?

A

Answer:
ABAC is an access control method that uses attributes to form policy rules, providing more flexibility than RBAC.

35
Q

What is the purpose of auditing in access control?

A

Answer:
Auditing is used to enforce the principle of least privilege and minimize risks associated with users retaining unnecessary access rights.

36
Q

Explain the concept of a “secure protection state”.

A

Answer:
A secure protection state is one that meets secrecy, integrity, and availability goals.

37
Q

What is a Trojan horse, and why is it a security concern?

A

Answer:
A Trojan horse is a program that masquerades as a benign application but contains a malicious function, posing a security risk by potentially leaking sensitive information.

38
Q

Describe the Simple-Security Property.

A

Answer:
The Simple-Security Property states that a subject cannot read data that is more secret than the subject is allowed to read.

39
Q

What is the Security Property in access control?

A

Answer:
The Security Property states that subjects cannot write data to files that are less secret than they are.

40
Q

What is the role of the authorization module in a reference monitor?

A

Answer:
The authorization module takes the interface’s inputs and converts them into a query for the reference monitor’s policy store.

41
Q

Explain the components of access control and their importance in securing a system.

A

Answer:
The components of access control are:
Authentication (verifying user identity),
Authorization (specifying access rights),
Access (allowing access to resources),
Manage (adding/removing users and their permissions),
and Audit (reviewing access logs to ensure security).
These are crucial for ensuring only authorized users can access the resources they need and to track and manage access effectively.

42
Q

Define the concept of a reference monitor within access control systems.

[Reference Monitors and Security Enforcement]

A

A reference monitor is a security mechanism that controls access to objects (resources) in a system.
It acts as a guard, ensuring that subjects (users, processes) can only access objects according to a defined security policy.
It is a key component of the enforcement mechanism in an access control system.

43
Q

Critically analyze the essential properties of a reference monitor: complete mediation, tamperproof, and verifiable.
Explain the importance of each property for ensuring system security.

[Reference Monitors and Security Enforcement]

A
  1. Complete Mediation:
    1.1 Every access to every object must be checked by the reference monitor.
    1.2 This prevents any bypassing of security checks.
    1.3 Importance: Ensures that no unauthorized access can occur, regardless of the request.
  2. Tamperproof:
    2.1 The reference monitor itself must be protected from modification.
    2.2 Untrusted processes cannot alter its logic or the access control policy it enforces.
    2.3 Importance: Maintains the integrity of the access control system; if it’s compromised, the entire system is vulnerable.
  3. Verifiable:
    3.1 The reference monitor’s code and logic should be simple enough to be tested and formally verified.
    3.2 This ensures it functions correctly and enforces the policy as intended.
    3.3 Importance: Provides assurance that the security mechanism is reliable and trustworthy.
44
Q

Illustrate, using a detailed example of a file access request, how a reference monitor enforces access control policies.
In your explanation, detail the roles of the interface, authorization module, and policy store.

[Reference Monitors and Security Enforcement]

A

Example: A user (subject) wants to read a file (object).

  1. Interface:
    1.1 The user’s request (e.g., a system call) is received by the reference monitor’s interface.
    1.2 This interface defines how requests are submitted to the reference monitor.
  2. Authorization Module:
    2.1 The authorization module takes the request and determines what checks need to be performed.
    2.2 It maps the user to a subject label, the file to an object label, and the “read” action to a specific operation.
    2.3 It then formulates a query for the policy store.

  3. Policy Store:
    3.1 The policy store holds the access control policy.
    3.2 It receives the query from the authorization module (e.g., “Can user X read file Y?”).
    3.3 It returns a decision (yes or no) based on the policy.

The reference monitor then allows or denies the file read operation based on the policy store’s decision.

45
Q

Define the “protection state” in the context of operating system security.

[Access Matrix and Protection State]

A

The protection state describes the current set of permissions and access rights in a system.
It defines what operations subjects (users, processes) can perform on objects (files, devices).
It’s a snapshot of the system’s security configuration at a given time.

46
Q

Explain the structure and purpose of an access matrix in representing the protection state.
Provide a simple example of an access matrix with at least two users, three files, and corresponding read, write, and execute permissions.

[Access Matrix and Protection State]

A
  1. Structure:
    1.1 A table where rows represent subjects (e.g., users, processes).
    1.2 Columns represent objects (e.g., files, resources).
    1.3 Each cell (intersection of a row and column) contains the set of operations a subject can perform on an object.
  2. Purpose:
    2.1 Provides a clear and concise way to visualize and manage access rights.
    2.2 Helps in defining and enforcing security policies.
47
Q

Discuss the limitations of using access matrices in real-world, large-scale systems and outline potential strategies to mitigate these limitations.

[Access Matrix and Protection State]

A
  1. Limitations:
    1.1 Size: Can become very large and unwieldy in systems with many subjects and objects.
    1.2 Dynamic Changes: Difficult to manage frequent changes like user creation/deletion or file creation/deletion.
    1.3 Complexity: Managing access rights becomes complex as the system grows.
  2. Mitigation Strategies:
    2.1 Access Control Lists (ACLs): Store permissions with objects rather than in a matrix.
    2.2 Capability Lists: Store permissions with subjects.
    2.3 Role-Based Access Control (RBAC): Group permissions into roles to simplify management.
    2.4 Attribute-Based Access Control (ABAC): Use attributes for more flexible and context-aware permissions.
48
Q

Compare and contrast Mandatory Access Control (MAC) and Discretionary Access Control (DAC) models.

[Comparative Analysis of MAC and DAC]

A
  1. Mandatory Access Control (MAC):
    1.1 Centralized control by a system administrator.
    1.2 Access decisions based on security labels assigned to subjects and objects.
    1.3 Enforces a strict, system-wide policy.
  2. Discretionary Access Control (DAC):
    2.1 Decentralized control; resource owners have control over who accesses their resources.
    2.2 Access decisions based on user identities and permissions.
    2.3 More flexible, allows for individual user preferences.
  3. Comparison:
    3.1 MAC emphasizes security and control.
    3.2 DAC emphasizes flexibility and user autonomy.
49
Q

Evaluate the benefits and drawbacks of each access control model, considering factors such as flexibility, security, and administrative overhead.

[Comparative Analysis of MAC and DAC]

A

MAC:
1. Benefits: High security, consistency, and enforcement of the principle of least privilege.
2. Drawbacks: Rigid, less flexible, and high administrative overhead.

DAC:
1. Benefits: Flexible, easy to implement, and less administrative overhead.
2. Drawbacks: Less secure, potential for inconsistent policies, and difficult to scale.

50
Q

Provide specific scenarios where (i) MAC and (ii) DAC would be the most appropriate access control mechanisms.
Justify your choices with clear reasoning.

[Comparative Analysis of MAC and DAC]

A

MAC:
1. Military or government systems with high-security requirements.
2. Any system where confidentiality and integrity are paramount and user discretion is limited.
3. Reasoning: MAC’s centralized control and label-based system ensure that information flow is strictly controlled and protected.

DAC:
1. Personal computer systems or small office environments.
2. File-sharing systems where users need to easily manage access to their own data.
3. Reasoning: DAC’s flexibility and ease of use make it suitable for scenarios where users need autonomy over their resources.

51
Q

Explain the fundamental principles of Role-Based Access Control (RBAC) and its key components.

[RBAC vs. ABAC: A Detailed Examination]

A

Principles:
1. Access permissions are associated with roles, not directly with users.
2. Users are assigned to roles.
3. Role assignments can change, but permissions associated with roles typically remain static.

Components:
1. Users: Individuals who interact with the system.
2. Roles: Job functions or titles that define a set of permissions.
3. Permissions: Access rights to resources.
4. Role Assignments: The mapping of users to roles.

52
Q

Describe Attribute-Based Access Control (ABAC) and analyze how it provides a more flexible approach to access control compared to RBAC.

[RBAC vs. ABAC: A Detailed Examination]

A

ABAC:
1. Access is granted based on attributes of the user, the resource, and the environment.
2. Attributes are characteristics or properties (e.g., user’s department, resource sensitivity, time of day, location).
3. Policies are defined using these attributes.

Flexibility Compared to RBAC:
1. Granularity: ABAC allows for finer-grained control than RBAC.
2. Context-Awareness: ABAC can incorporate contextual information (e.g., time, location).
3. Dynamic Policies: ABAC policies can be more easily adapted to changing requirements.

53
Q

Discuss the advantages and disadvantages of each model.
Under what circumstances would the implementation of ABAC be favored over RBAC?
Provide practical examples to support your answer.

[RBAC vs. ABAC: A Detailed Examination]

A

RBAC:
1. Advantages: Centralized management, intuitive policies, and easy maintenance in static environments.
2. Disadvantages: Not suitable for granular policies, can become complex in dynamic environments, and limited scope.

ABAC:
1. Advantages: High flexibility, context-aware, fine-grained control, and well-suited for cloud environments.
2. Disadvantages: Requires a strong foundation and can be more complex to implement initially.

Circumstances for ABAC over RBAC:
1. Cloud computing: Need for dynamic, context-aware policies.
2. Healthcare: Fine-grained control over patient data based on attributes like doctor specialty and patient consent.
3. Finance: Complex regulations requiring attribute-based access (e.g., access based on transaction amount, user location, time of day).

54
Q

Define and explain the significance of the “Simple-Security Property” and the “Security Property” in the context of secure information flow.

[Security Properties and Trojan Horse Threats]

A

Simple-Security Property:
1. A subject cannot read data at a higher security level.
2. “No read up.”
3. Significance: Prevents unauthorized disclosure of sensitive information.

Security Property:
1. A subject cannot write data to a lower security level.
2. “No write down.”
3. Significance: Prevents compromised subjects from leaking sensitive information to less secure areas.

55
Q

Elaborate on the concept of a “Trojan horse” and analyze the potential security threats it poses to computer systems.

[Security Properties and Trojan Horse Threats]

A

Trojan Horse:
1. A malicious program disguised as legitimate software.
2. Users are tricked into installing it.

Threats:
1. Data theft: Can steal sensitive information.
2. Data modification: Can alter or delete data.
3. System compromise: Can provide attackers with unauthorized access.

56
Q

Discuss how access control mechanisms can be effectively employed to mitigate the risks associated with Trojan horse attacks.

[Security Properties and Trojan Horse Threats]

A
  1. Principle of Least Privilege:
    Limits the damage a Trojan horse can do by restricting the user’s privileges.
  2. Mandatory Access Control (MAC):
    Can prevent a Trojan horse from accessing or writing to files outside the user’s security level.
  3. Regular Audits:
    Help detect unauthorized access or changes to files.
  4. Strong Authentication:
    Makes it harder for attackers to use stolen credentials to install Trojan horses.
57
Q

Explain how access control is implemented within operating systems, detailing the interaction between system components.

[Access Control Implementation in Operating Systems]

A

Operating systems integrate access control into their core functions.

Key Components:
1. Kernel: The core of the OS, responsible for enforcing access control.
2. File System: Manages file permissions (e.g., DAC in many systems).
3. Memory Management: Controls access to memory segments.
4. Process Management: Manages process privileges.

Interaction:
1. When a process tries to access a resource (e.g., open a file), the OS kernel intercepts the request.
2. The kernel’s reference monitor checks if the access is allowed based on the system’s access control policy.
3. The kernel then either grants or denies the request.

58
Q

Discuss the critical role of the kernel in enforcing access control policies and maintaining system security.

[Access Control Implementation in Operating Systems]

A

The kernel is the central authority for access control.
It has complete control over system resources.
It must be tamperproof to prevent bypassing of access control.
The kernel enforces the principle of least privilege to limit the potential damage from security breaches.
It acts as a reference monitor, ensuring all access requests are validated.

59
Q

Analyze the challenges involved in designing and implementing robust access control mechanisms in complex, modern operating systems. How does the principle of least privilege influence operating system design?

[Access Control Implementation in Operating Systems]

A

Challenges:
1. Complexity:
Modern OSs are very complex, with many interacting components.
2. Performance Overhead:
Access control checks can add overhead.
3. Compatibility:
Maintaining compatibility with existing applications.
4. Evolving Threats:
OSs must adapt to new security

60
Q

What’s the difference between “Protection” and “Security” in the context of cyber security?

A

Protection: security goals are met in the presence of [trusted subjects]

Security: security goals are met in the presence of [potentially malicious subjects]