Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

IMI Study Guide > CAMS-Access Control Matrix > Flashcards

CAMS-Access Control Matrix Flashcards

Access Control List (ACL) Access Control Matrix vs ACL User Capability List ACL vs Capability List ACL Approach Capability Approach Access Control Matrix and Capability List Conclusion

1
Q

Understanding the Access Control Matrix

A

Access control matrix is a security model that protects digital resources or “objects” from unauthorized access. It can be thought of as an array of cells with each column and row for users “subject” and object. An entry in a given cell demonstrates a specific subject’s access mode on the corresponding object. Every column represents an object’s access list, while a row is equivalent to a subject’s access profile.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Access Control List (ACL)

A

ACL is a table that notifies the computer system of a user’s access rights to a given system file or file directory. Every object is assigned a security attribute to establish its access control list. The ACL has a specific entry for every system user with the related access privileges. These privileges touch on the ability to write and read a file or files, and if it is a program of an executable file, it defines the user access to those rights. Some operating systems that use ACLs include Digital’s OpenVMS, Microsoft Windows NT/2000, UNIX, and Novell’s NetWare.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Access Control Matrix vs ACL

A

The primary difference between the access control matrix and ACL is that the latter defines a set of privileges attached to an object. In contrast, the control matrix outlines the subject’s access permissions on an object.

Information security is pivotal within a computerized real-time system. As such, a system implements various measures to achieve just that. The primary criterion is user authentication, which requires the user to furnish the system with personal details.

For instance, a system may request the user to insert his username and password to access a file. After authentication, the system will move to authorization, granting rights to the authenticated users. They both permit users to delegate rights for third parties to access resources, information, or systems.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

User Capability List

A

A capability list is a key, token, or ticket that grants the processor approval to access an object within the computer system.

The user is evaluated against a capability list before gaining access to a specific object. In addition, a capability list is wholly transferable regardless of its administrator. Such an arrangement eradicates the need for system authentication. Unlike capability lists, ACLs allow users to stop worrying about authentication. Users cannot ignore authentication with a capability list because it is core to the protection mechanism.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

ACL vs Capability List

A

We have to use a real-life scenario to understand the difference between the two lists, and in this case, a bank analogy. John wishes to store all his valuable items in a safe box maintained by a bank. In some cases, he would want one or two of his trustworthy relatives to access the box to make withdraws and deposits. The bank can regulate access to John’s box in two ways: maintain a list of persons John has authorized to access the safe box to or issue John one or multiple access keys to the box.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

ACL Approach

A
  • Bank’s role: the financial institution must have a list of account holders, verify users, and define privileges. The entity needs to maintain the list’s integrity and authenticate access.
  • Adding new users: a user must pay a visit to the bank’s branch to add more users
  • Delegation: the approved third parties cannot delegate their access rights to other parties.
  • Removing users: when the holder perceives the approved third-party as untrustworthy or not needed, they can delete their names from the list.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Capability Approach

A
  • Bank’s role: the bank is not involved
  • Access rights: the holder defines access rights
  • Add new users: the holder can assign a key to new users
  • Delegation: third-party can extend their privileges to others
  • Revoke: holder can recall his key from the thirty-party, but it may be challenging to establish whether they made a copy.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Access Control Matrix and Capability List

A

A capability list is not appropriate for systems where actions are centered on users. It will result in duplications and complicate the management of rights. Because access matrix does not explicitly define the scale of the protection mechanism, it is often used to model static access privileges in a given access control system. It does not represent the rules of changing rights within a system, and hence partially describes the system’s security policy. Access control and capability-based policies are subsets of a protection mechanism, while an access control matrix can model their static privileges.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Conclusion

A

In conclusion, the concepts of ACL, objects, subjects, access control matrix and capability list can be defined holistically as indicated in the table diagram. One last item to keep in mind when creating an access control matrix and capability list is the consideration of segregation of duties and least privilege to make sure there are no access conflicts or access creep.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

IMI Study Guide (7 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions