Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

comp sec > access control 2 > Flashcards

access control 2 Flashcards

1
Q

remind me what’s the goal of an access control mechanism , and er also can I have 2 examples

A

Access control mechanisms of a system enforce security policies by ensuring the system stays within
authorized states.
• If the mechanisms fail, the system may enter into an unauthorized state.

In Unix/Linux, a user may be granted access to raw read/write to a disk. This will bypass the protection imposed by the file system access control mechanism.
• Shared memory: some systems do not clear shared memory between use, so data may be exposed to unauthorized subjects.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

what is SPR

A

S is the set of all possible states
P is the subset of S authorised by the policies
R is the subset of S that is reachable with the security mechanism

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

under SPR, when is the system secure. and when is it precise.

A

the system is secure if R is a subset of P
the system is precise (not overprotective) if R = P
also dude just take a screenshot of the diagram.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

what are the different levels of sharing

A
  1. angry kid who keeps wig
  2. happy kid creates copies his wig on pieces of paper and gives it out
  3. happy kid gives out original versions of his wig
  4. happy kid goes into strangers car

No sharing (complete isolation)
 Sharing copies of data objects.
 Sharing originals of data objects.
 Sharing untrusted programs.

each level of sharing has different security problems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

why do sharing problems not fall under the scope of an access control policy

A

it transfers information, not rights to
access objects.
• It is an information flow problem.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

TROJAN HORSE. what is a horsehair wig

A

a wig that’s scratchy and made out of horsehair. if bucktha puts it on, it is now able to do what bucktha can do. it can destroy zhonghua. Like spyware and viruses

 A Trojan Horse performs functions not described in its
(advertised) specifications.
 If a Trojan Horse is executed by a principal, it will take on the privileges associated with that principal.
 This is the case in Unix and Windows systems.
 A Trojan Horse can misuse the rights belonging to the calling principals to copy, misuse or destroy data.
 Examples: malwares, viruses, spyware, etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

what is confinement

A

Even if a “borrowed” program is confined (e.g., the sandboxing mechanism in Java) so it only has limited access to objects, it can still transmit data that it receives from the calling principal.
A user downloads and executes a software for filing tax return. Suppose the software is executed in a confined environment (e.g., virtual machine in Java), with limited access to the general system.
The user still needs to provide confidential financial data for the software to process. A malicious software may leak this confidential data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

what is mutual suspicion. it’s like the piracy problem when I legally download a game but can make a pirated copy of it lol.

A

The borrower of the program may be worried that the program steals data.
But the owner of the program may also be worried that the program can be copied without permission.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

what are the general mechanisms for access control problems

A
  1. brent gets more rights than simone
  2. if you buy a wig, as a thinning brent, even, you get a receipt that says you OWN it
  3. there’s a list of the brents who own shit

Access Hierarchies: Automatically give privileged subjects a superset of the rights of less privileged subjects
Capabilities: “Tickets” for objects; possession of a capability unconditionally
authorizes the holder access to the
object.
Access control list: Lists of subjects having access rights
to some particular objects.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

what is the revocation of rights problem

A

Subjects may grant rights (capabilities) to other subjects; subjects may grant the right to grant rights.
In systems where rights can be transferred, revocation of rights can trigger cascading revocation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

In Unix, each file has an ACL with three entries corresponding to:

A
  1. The owner’s access right
  2. The access rights of all users in the owner’s group
  3. The access rights of all others.
    it’s that -rwxr-xr-r shit
    okay look just look at the tutorial okay
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

who grants the security policies that specify how buckthas are granted access to wigs

A

whoever the fuck owns zhonghua, discretionary
or whoever owns all the schools bruh, like er MOE

 The owner of a resource, who may decree who is allowed access; such policies are called
discretionary as access control is at the owner’s discretion.
 A system-wide policy decreeing who is allowed access; such policies are called mandatory.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

what is discretionary access control.

A

access control based on policies that refer to user identities. this is sometimes called identity based access control (IBAC)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

what is mandatory access control

A

Access control based on policies that refer to security labels (confidential, top secret)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

when are direct mappings between subjects/principals and objects impractical

A

In large organisations, with large number of users and objects to control

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

what are some intermediate layers between subjects and objects. okay, I guess picture a circle of a large number of buckthas and wigs in an organisation. the air smells of neroli lemongrass. it’s dim and candlelit.

A
  1. groups and negative permissions
  2. roles
  3. protection rings

in the middle of the circle there is a man with a caved in head. He rolls on the floor in pain. pain, bread. french bread. he’s rolling out some french bread on the floor. hear his screams. on the floor there is also a glittering object. pick it up, wipe the blood off and see that some blood can’t come out of the grooves.
it was supposed to protect me, he says, writhing on the floor, the baguette becoming more french by the minute

17
Q

what is indirect mappings between subjects and objects in access control

A

principals of different primary schools will be grouped by district or by importance of primary school.

wigs will be grouped by colour and fullness.

the groups containing principals and the groups containing wigs are linked by procedures.

18
Q

Talk about scaling up IBAC

A

IBAC does not scale well and will incur an “identity management” overhead

Alice and Bob are students in a large class; teacher wants to give students access to some documents.
 Putting all names into several ACLs is tedious so the teacher defines a group, declares the students to be members of group, and puts group into the ACLs.
 Access rights are often defined for groups:
 Unix: owner, group, others

19
Q

what are negative permissions

A

to handle exceptions, negative permissions withdraw rights.

20
Q

what is a role

A

a role is a collection of procedures assigned to users, a user can have more than one role and more than one user can have the same role. Bucktha’s can have the role “cool bucktha” and get a cool leather jacket and a the procedure to sell meth

21
Q

what is role based access control

A

‘High level’ access operations with a more complex semantic than read or write;
procedures can only be applied to objects of certain data types.
• Example: Funds transfer between bank accounts.
• Roles are a good match for typical access control requirements in business.
• RBAC typically found at the application level.

e.g. if I’m a software developer in a large bank. i don’t have access to the database where upper management interferes with the political regime in developing countries

22
Q

what is the difference between group and role

A

group is a set of users, and they’re less stable (like the good place dorks, we call em not stable cos people resign very fast).

role is a set of procedures, tends to be more stable, this defins the necessary functions in the organisation rather than the organisation structures.
The french bread creates a structured bagettte empire where all french breads have parts to play and not play. Rise, like the yeast that made you made you.

23
Q

What is privileged mode

A

Gives a supervisor an access to every object in the system “root” in UNIX, “admin” in windows

also look at the image of the rings.

24
Q

how did windows get fucked by french count dooku

A

• In Windows, rendering of TrueType font is done in the kernel space (ring 0).
• The font is basically an executable script
• Specially crafted documents (Word file for example) can embed malicious codes in fonts,
which would then be executed in the kernel protection ring.
• Bug exploited by the ‘Duqu’ malware in 2011

comp sec (13 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions