Access Control Models Flashcards
Discretionary Access Control (DAC)
Access policy determined by owner.
Used by Windows.
Mandatory Access Control (MAC)
The computer determines access by using security labels. Every subject (user) and every object (file, folder, device, or network connection) is assigned a data label. Every data label creates a trust level for all subjects and objects.
Used in high security systems such as in the military. You essentially must have a “need to know” for access. MAC is implemented via Rule-based and Lattice-based access control methods.
Exists in FreeBSD OS and SELinux OS.
Rule Based Access Control
This is not RBAC.
Label-based access control. Access is granted or denied to objects by comparing the object label and the subject label.
Just know that this is a part of Mandatory Access Control for the exam.
Lattice Based Access Control
Utilizes complex mathematics to create sets of objects and subjects to define how they interact.
Just know that this is a part of Mandatory Access Control for the exam.
Role-Based Access Control (RBAC)
Access is controlled by the system, as in MAC, but it uses a set of permissions instead of data labels.
Attribute-Based Access Control (ABAC)
Access is dynamic and context-aware using IF-THEN statements. Uses tags.