Access Control: Discretionary and Mandatory Flashcards
How does the TCB decide if a request should be granted?
Authentication (establishes source) and authorization (grants access based on identity)
Who can grant access?
Normally the person who creates/owns a resource
What is the difference between policy and enforcement?
Policy is who can access
Enforcement is only allowing authorized people to access
What is an Access Control Matrix?
Essentially a table that stores access rights to resources
Usually very large
Can be sparse
Rows = users/subjects/groups; columns = resources
Where should the ACL/C-List be stored?
Trusted part of the system
What is an ACL?
Access control list
Consists of access control entries (ACEs) and other object meta-data
Indexed by object/resource (lists users and their access rights per object)
What is a C-List?
Capabilities list that defines what a certain user can access
Can be stored in objects/resources
Indexed by user (lists objects and their access rights)
Sharing access requires propagation of capabilities
What is a capability?
Unforgeable reference/handle for a resource
How does UNIX implement access controls?
Each resource looks like a file, and has an owner
RWX bits for owner, group and world
Originally 9 bits for access, but other bits there now
There are other variants for access control
Who is authenticated when running a program/accessing a file?
The owner, not the person accessing
What is role based access control?
Used in enterprise settings
Based on job function or role of a user
Users can have one or more roles
Users authenticate themselves to the system and then activate their roles
Policy does not need to be updated as employees come and go
New employees can activate themselves
What is Mandatory Access Control?
Company decides how data should be shared
Users have classification levels that limit what they can access
What are the issues with Discretionary Access Control?
Cannot control information flow
In some cases, user cannot decide how certain types of data can be shared
How do we implement MAC?
Label files to indicate sensitivity and category of data
TCB checks user label and object labels
Labels largely depend on the organization using them
What is involved in a label?
The sensitivity level and the compartment
Compartment = descriptor