Chapter 4

Question 1

DAC

Answer 1

Discretionary access control:

Control access is defined based on the requestor identity and the access rule

Question 2

MAC

Answer 2

Mandatory access control:

Control access is defined based on comparing the security labels with the security clearances.

Question 3

How does RBAC relate to DAC and MAC?

Answer 3

Role based access control:

The control access is defined based on the roles of the user.

Question 4

Three classes of subject in an access control system

Answer 4

Owner
Group
World

Question 5

Subject vs object in access control

Answer 5

subject: an entity and it has the capability of accessing the objects
Object: an entity that contains the information and it is a resource for the access control.

Question 6

Access right?

Answer 6

Read
Write
Execute
Delete
Create
Search

Question 7

ACL vs capability ticket

Answer 7

An ACL is used to list the users and their permitted access rights
A capability ticket is used to specify the authorized objects and operations fora particular user.

Question 8

What is a protection domain?

Answer 8

an object which is having a set of objects together with access rights.

Question 9

Four types of entities in a base model RBAC system.

Answer 9

User
Role
Permission
Session

Question 10

Describe three types of role hierarchy constraints.

Answer 10

Mutually exclusive roles
Cardinality
Prerequisite

Question 11

IN the NIST RBAC model, what is the difference between SSD and DSD?

Answer 11

Static separation of Duty relations:

Dynamic separation of duty relations