Access Control

Question 1

What is access control?

Answer 1

Control who has access to services and resources in the network

Question 2

What are the forms of access control?

Answer 2

Authentication servers
Physical access control
Traffic filters
Access control lists in an OS

Question 3

What does access to a system mean?

Answer 3

Subject, in the form of a human or process, requests a passive object (resource) with some specific access operation.

Question 4

What is a reference monitor?

Answer 4

Piece of software or hardware that examines and can grant or deny the request.

Question 5

At what level does the reference monitor support security?

Answer 5

Hardware or OS layer, a subject can be allowed to access resources and the type of access decided

Question 6

What types of protective separation is done?

Answer 6

Physical Seperation
Logical Seperation
Temporal Seperation
Cryptographic Seperation

Question 7

What is physical separation?

Answer 7

Different processes use different object such as printers, files or servers

Question 8

What is temporal separation?

Answer 8

Processes with different security requirements can only be run at separate times.

Question 9

What is logical separation?

Answer 9

A process’s access is constrained so that it cannot access outwith its permitted domain

Question 10

What is cryptographic separation?

Answer 10

Files (data) or processes are hidden or obfuscated under cryptographic protocols.

Question 11

What are the Unix access rights?

Answer 11

Execute, read, append, write

Question 12

What do some systems split their permissions into further?

Answer 12

Rename or change permissions
Create Files
Transfer
Propagate

Question 13

What is the Principle of Least Privilege?

Answer 13

only users that need a resource for their role should have access to it.

Question 14

What is an access control list?

Answer 14

Describes the rights of subjects and objects

Works best in data-oriented systems where permissions are stored alongside the data

Question 15

What are the drawbacks of ACL?

Answer 15

Inefficient, the repetition throughout the system of values.
Checked for each file at runtime
Doesn’t scale, on change for a user has to change each and every file

Question 16

Is C-List used for access control?

Answer 16

No as it’s easier for an OS to control access to objects rather than users.

Despite being more efficient at runtime checking, slower in determining who has resource access

Uses PK certificates for user identification

Question 17

What is DAC?

Answer 17

Discretionary Access Control (DAC)

Subject creates a resource it can allow access to.

User sets own protection level which is enforced by the system.

Question 18

What does strict DAC do?

Answer 18

Allows for the granting of access but not ownership to subjects. Ownership must be transferred.

Question 19

What is MAC?

Answer 19

Mandatory Access Control is where users and resources have fixed security attributes (labels) assigned by an admin. User can access the resources with labels allowing them to.

MAC is set globally and can’t be changed.

Question 20

Can MAC be changed?

Answer 20

It can be by trusted processes, otherwise it is immutable.

Question 21

What issues do both MAC and DAC have?

Answer 21

Canceling
Adding
Merging

Question 22

How are policy conflicts dealt with?

Answer 22

Resolved by reference monitor

Question 23

What are privileges?

Answer 23

The right to exercise rights. Like groups, can be seen as an intermediate layer between objects and subjects.

Question 24

What do Reference monitors mediate access to?

Answer 24

Objects such as the kernel and physical resources.

Question 25

Where can the reference monitor be situated?

Answer 25

Access Control System
Hypervisor
In an application
In the services layer

Question 26

What is a security kernel?

Answer 26

Piece of Hardware, Software or Firmware that implements the reference monitor

Question 27

What are the conditions of the security kernel?

Answer 27

Must be tamper-proof and verifiable

Question 28

What is TCB?

Answer 28

Trusted Computer Base

Group of systems that enforce a security policy

Question 29

What is the TCB made up of?

Answer 29

Daemon, Firmware, Software Controls, Firewalls, Interrogate software, Virus Protection

These ensure correct access and correct inputs

Question 30

How s RBAC implemented?

Answer 30

At the application layer.

Functional groups or user roles based on info needed for job function.

Each role allows certain privileges.

Question 31

What are the rings of protection and what do they do?

Answer 31

Offer different levels of privilege for the users or system programs.

Ring 0: Kernel
Ring 1: Supervisor
Ring 3: User Space

Question 32

What ring changes privileges in a system?

Answer 32

Ring 0

Question 33

How can userspace programs communicate with the kernel?

Answer 33

System calls

Question 34

What forms can Windows ACL take?

Answer 34

Discretionary ACL (DACL)
Systems ACL (SACL)

Question 35

What is DACL?

Answer 35

List of access control entities (ACEs). If there are none then the object is presumed to allow full access to all subjects.

Question 36

What is an ACE?

Answer 36

Access Control Entity. Each ACE controls or monitors access to an object by a specified trustee.

Can be of type Access Denied, Access Allowed or System_Audit

Question 37

What is SACL?

Answer 37

Logs attempt to access resources.

Question 38

What is HAL?

Answer 38

Hardware Acceleration Layer

Provides an interface ot the hardware

Question 39

How is the security reference monitor run on Windows?

Answer 39

Run from the windows executive

local security authority runs at login

The security account manager keeps the user database account.

Question 40

What can subjects be in Windows?

Answer 40

Users
Domains
Groups
Machines

Question 41

What are principles made of?

Answer 41

Username

SID

Question 42

What is stored in an access token?

Answer 42

Security credentials for a process

Question 43

What are the security levels?

Answer 43

Attributes of a system, policies may consist of them.

Question 44

What type of access control does MAC use?

Answer 44

Rule BAC

Question 45

What type of access control does DAC use?

Answer 45

Identity BAC (IBAC)