Access Control Policies and Mechanisms Flashcards
How do we typically view a system?
As subjects (users) and objects (resources), where subjects perform actions on objects.
What is an access control policy?
A specification of how each subject can use each object.
Define the idea for an access control matrix:
- Resources to be protected are called objects
- Every object is within one or more protected domains
- A domain specifies what operations are permitted on the objects it contains.
- Authorization to perform an operation on an object in a domain is called an access right.
What are static domains?
A user always operates in the same domain.
What are dynamic domains?
A user can switch from one domain to another.
What is the matrix for an access control matrix?
- Rows represent the domains
- Columns correspond to the objects
- Matrix entries specify the access rights to an object in the corresponding domain.
What is the idea behind the HRU access control policy?
Describes a protection system using an access matrix:
- Rows: the subjects in the system
- Columns: the objects in a system.
How is access controlled in HRU?
A subject is allowed to perform an operation on an object only if it has an access right.
How does the HRU allow change?
- Subjects and objects can be created or destroyed
- Access rights can be entered or deleted from the matrix
What does a reference monitor do?
Controls access to system objects.
What is a mechanism used for?
Required to enforce the access control policy.
What are the two access mechanisms?
- Storing the matrix in protected memory
- Representing the matrix as an access list
What are the advantages of access mechanisms?
- You can specify rights available in every domain
- Reduce the total amount of storage space required
- Increase efficiency
What are the disadvantages of access mechanisms?
Must be stored in memory, protected and searched.