Access Control Models Flashcards
What is the Mandatory Access Control (MAC)?
uses security labels to determine which users are authorized to access a particular resource.
What is Discretionary Access Control (DAC)?
resource’s owner is allowed to specify which user can access each resource.
What is Role Based Access Control (RBAC)?
Assigns users to roles and uses these roles to grant permissions to resources
What is Rule Based Access Control (RBAC)?
Access is determined by rules set by the system administrator
What is an Attribute-Based Access Control (ABAC)?
Uses object characteristics for access control decisions
What are User Attributes?
Users name, role, organization, ID, or security clearance level
What are Environment Attributes?
Time of access, data location, and current organizations threat level
What are Resource Attributes?
File creation date, resource owner, file name, and data sensitivity
What is Time-of-day Restrictions?
Controls restrict resource access based on requests times
What is the Principle Of Least Privilege?
Granting users the minimum access required for their tasks, without extra privileges
What is Permission or Authorization Creep?
Occurs where a user gains excessive rights during their career progression in the company