Access Control: Discretionary and Mandatory

Question 1

How does the TCB decide if a request should be granted?

Answer 1

Authentication (establishes source) and authorization (grants access based on identity)

Question 2

Who can grant access?

Answer 2

Normally the person who creates/owns a resource

Question 3

What is the difference between policy and enforcement?

Answer 3

Policy is who can access

Enforcement is only allowing authorized people to access

Question 4

What is an Access Control Matrix?

Answer 4

Essentially a table that stores access rights to resources
Usually very large
Can be sparse

Rows = users/subjects/groups
Columns = resources

Question 5

Where should the ACL/C-List be stored?

Answer 5

Trusted part of the system

Question 6

What is an ACL?

Answer 6

Access control list
Consists of access control entries (ACEs) and other object meta-data
Indexed by object/resource (lists users and their access rights per object)

Question 7

What is a C-List?

Answer 7

Capabilities list that defines what a certain user can access

Can be stored in objects/resources
Indexed by user (lists objects and their access rights)
Sharing access requires propagation of capabilities

Question 8

What is a capability?

Answer 8

Unforgeable reference/handle for a resource

Question 9

How does UNIX implement access controls?

Answer 9

Each resource looks like a file, and has an owner
RWX bits for owner, group and world
Originally 9 bits for access, but other bits there now
There are other variants for access control

Question 10

Who is authenticated when running a program/accessing a file?

Answer 10

The owner, not the person accessing

Question 11

What is role based access control?

Answer 11

Used in enterprise settings
Based on job function or role of a user
Users can have one or more roles
Users authenticate themselves to the system and then activate their roles
Policy does not need to be updated as employees come and go
New employees can activate themselves

Question 12

What is Mandatory Access Control?

Answer 12

Company decides how data should be shared

Users have classification levels that limit what they can access

Question 13

What are the issues with Discretionary Access Control?

Answer 13

Cannot control information flow

In some cases, user cannot decide how certain types of data can be shared

Question 14

How do we implement MAC?

Answer 14

Label files to indicate sensitivity and category of data
TCB checks user label and object labels
Labels largely depend on the organization using them

Question 15

What is involved in a label?

Answer 15

The sensitivity level and the compartment

Compartment = descriptor

Question 16

Characteristics of the Bell and LaPadua Model

Answer 16

Four classes: Top Secret, Secret, Classified, Unclassified
Simple security property (no read up)
Start property (no write down)

Question 17

Characteristics of the Biba Model

Answer 17

Focuses on integrity rather than confidentiality

Allows for read up and write down

Question 18

Policies for Commercial Environments

Answer 18

User clearance is not common
Data only accessible by applications
Requires separation of duty and conflict of interest requirements

Question 19

What is the Clark-Wilson Policy?

Answer 19

Same user cannot execute two programs that require separation of duty

Question 20

What is the Chinese Wall Policy?

Answer 20

User can access any object as long as they have not access an object from another company in the same conflict class