Chapter 4 - Access Control

Question 1

Acess Control Definition

Define Access Control

Answer 1

The prevention of unauthorized access of a resource (or entering into physical facility)

also prevent legitimate users from using in unauthorize way

Question 2

RFC Definition (of computer security)

Define Access Control

Answer 2

Process by which use of system** resources** is regulated according to a security policy and permitted only by authorized entities

Question 3

Difference between User Authentication and Access Control

Define Access Control

Answer 3

Authentication establishes **who **you are and Access control establishes what you can do within a system

Question 4

Relationship to other security functions

Define Access Control

“Broader Context of Access Control”

Answer 4

1. Authentication: first verifies credentials of user are valid
2. Access Control: Grants permissions to a system resource
3. Auditing: Independent review of system records and activities to test adequacy, ensure compliance, and detect breaches

Question 5

Access control policies should dictate:

Access Control Principles

Answer 5

• Who can access a resource
• What type of access is allowed
• Under what conditions

Question 6

Access Control Basic Elements

Access Control Basic Elements

Answer 6

1. Subject (entity capable of accessing objects)
2. Object (Resource to be accessed)
3. Access Rights (What subject can do with object)

Subjects held accountable for actions they initiate!!!

Question 7

Classes of Subject (3)

Access Control Basic Elements

Answer 7

1. Owner
2. Group
3. World

Question 8

Examples of Access Rights

Access Control Basic Elements

Answer 8

• read
• write
• execute
• delete
• create
• search

Question 9

What are the three main Access Control Policies?

Access Control Principles

Answer 9

1. Discretionary Access Control (DAC): Based on identity of requestor
2. Mandatory Access Control (MAC): Based on labels and security clearances
3. Role-based Access Control (RBAC): Based on roles that users have in system

Not mutually exclusive, we can implement multiple at once!!!

Question 10

DAC definition

DAC

Answer 10

Scheme in which an entity may enable another entity to access some resource

Question 11

How is DAC often implemented?

DAC

Answer 11

An access matrix where:

• Rows = subjects
• Columns = objects
• Each cell = access rights

(That subject has to an object)

The value of cell password file:Eric = read

*From these we make access control lists and capability lists

Question 12

Why use ACLs or Capability Lists?

DAC

Answer 12

• Access matrix can become huge
• most of the cells are empty which wastes space
• changing permissions requires modifying matrix, more cumbersome than list

Question 13

What are Access Control Lists (ACLs)

DAC

Answer 13

List of subjects that can acccess a particular object

Question 14

What are capability lists?

DAC

Answer 14

List of objects that a particular subject can access

Question 15

ACL
Pro vs Con

DAC

Answer 15

Pro:
* Object owner can easily control who can access their resource

Con:
* Takes up too much space/search overhead (Many more objects in system compared to subjects)

good for managing permissions from perspective of objects (unix)

Question 16

Capability List
Pro vs Con

DAC

Answer 16

Pro:
* Easy to see what a user is allowed to access
* More flexible, subjects can access many objects and its easier to control that with capability lists

Con:
* Harder to manage by object (see all subjects that can access specific object)

Good for user-focused resource control

Question 17

How are UNIX files managed?

DAC

Answer 17

inodes

Question 18

What is an inode (index node) in Unix

DAC

Answer 18

A data structure in Unix that stores key information about a file for operating systemsto provide efficient hierarchical organization and access control

Does not contain file name or file contents

• File Attributes
• File permissions
• File control information

remember directory = file with list of file names and their respective inodes

Question 19

inode table

Answer 19

stored in disk, contains inodes of all files in filesystem

Question 20

What happens when a Unix file is opened

DAC

Answer 20

Its inode is brought into main memory (in memory-resistant inode table)

Inode table contains inodes of all files in the file system

1. System checks:
   * UID (unique user ID)
   * GID (Group ID)
   * Protection bits (Specify access permissions)
2. System grants either owner (UID), group (GID) or other class permissions

Question 21

How are the 12 protection bits used to show permissions?

DAC

Answer 21

Here’s a clearer version you can update your flashcard with:

Q: How are the 12 protection bits used to show permissions?
A:
1. 3 bits – Owner (rwx)
2. 3 bits – Group (rwx)
3. 3 bits – Other (rwx)
4. 3 bits – Special permissions:

•	SUID (Set User ID):
•	s – Execute bit is set (rwsr-xr-x)
•	S – Execute bit is not set (rwSrw-r--)
•	SGID (Set Group ID):
•	s – Execute bit is set (rwxr-sr-x)
•	S – Execute bit is not set (rwxrwS--)
•	Sticky Bit:
•	t – Execute bit is set (rwxr-xr-t)
•	T – Execute bit is not set (rwxr-xr-T)

Special bits explanation:
• Lowercase (s or t) – Execute permission is present.
• Uppercase (S or T) – Execute permission is not present, but the special permission still applies

Question 22

what happens when stickybit is applied to directory

Answer 22

only owners of files in directory can rename, move or delete users

Question 23

What does this 12 bit permission structure imply?

rwxr-x—

DAC

Answer 23

1. Owner can read, write and execute (all permissions)
2. Group can read and execute but not write
3. Other classes have no permission
4. No special permissions

Question 24

What does this 12 bit permission structure imply?

rwxr-sr–T

DAC

Answer 24

1. Owner can read, write, and execute
2. Group can read and execute with owner permissions
3. Others can only read
4. Only owner can delete/rename files

Question 25

rwxr--r--T

Answer 25

* Owner can read, write, and execute. * Group can read. * Others can read. * Only the owner can delete the file. ## Footnote because stickybit is located in execute field of other, we use t or T to decide if other can execute or not. T MEANS THEY CAN'T

Question 26

rwsr-sr-- how is this 12 bits?

Answer 26

111 110 100 001 The 9-character representation does not grow beyond 9 characters. It overlays the 12 bits by modifying the x positions for special permissions.

Question 27

Set UserID (SUID) and Set Group ID (SGID) | *DAC*

Answer 27

* or SUID means file will be executed w/ same permissions as owner of executable file * GUID means executed with same permissions as group owner of the file ## Footnote Ex: Passwd comman needs to edit files like /etc/passwd to change password, but these files are owned by root and can only be modified by root.

Question 28

Why should you be careful with special permissions like SUID and SGID? | *DAC*

Answer 28

Attackers can inject malicious commands as root user

Question 29

Role of superuser (root) in Unix | *DAC*

Answer 29

Exempt from usual access restrictions Has system-wide access Can install software and manage users | Kernel can only run with superuser privileges ## Footnote NEVER run untrusted software with superuser

Question 30

Why is the traditional Unix file access control inadequate for complex environments? | *DAC*

Answer 30

No individual user control, would require huge number of groups, impossible to represent some constraints | *Modern Unix systems like Linux and FreeBSD support ACLs*

Question 31

What do Modern UNIX systems support instead of the traditional file access control? | *DAC*

Answer 31

ACLs | More fine-grained control than traditional 12-bit protection system ## Footnote * **setfacl**: Used to assign an ACL to a file or directory. * **getfacl**: Used to retrieve and display the ACL associated with a file or directory.

Question 32

Why is ACL Model better than traditional 12-bit permission system? | *DAC*

Answer 32

Extends these permissions: **more granular assignments**. ## Footnote **Traditional Permissions:** You would either need to add them all to the group or open access to "others." **ACLs:** Assign specific read, write, or execute permissions to only the required users, without affecting the rest of the group or "others."

Question 33

What is an Access Control List (ACL) in Unix | *DAC*

Answer 33

ACL tailored to Unix or Unix-like systems to extend the traditional permission model *(owner, group, others)*, to allow defining permissions for individual users *(beyond owner, group, others)* • still maintaining hierarchical structure • Set mask for added control

Question 34

What is the two-step process in ACL model in UNIX? | *DAC*

Answer 34

Process requests access to file: 1. OS selects most appropriate ACL entry (Owner, user, group, or others) 2. OS verifies if the matching entry grants sufficient permissions to fulfill the request

Question 35

Mask in ACL model | *DAC*

Answer 35

Sets maximum permissions for group/named entries, even if some are assigned higher permissions

Question 36

What is Mandatory Access Control (MAC)? | *MAC*

Answer 36

Access is determined by system-enforced security labels and classifications, often used in military settings | *Labeling mechanism used* ## Footnote *Prevent illegal flow of information through the enforcement of **"multi-level security"***

Question 37

Downside of MAC | *MAC*

Answer 37

Requires a very **strict classification** of subject and objects, making it too rigid | *Information access limited by the "need-to-know*

Question 38

Compartment | *MAC*

Answer 38

Projects that are associated with a piece of classified information ## Footnote Maybe file is labeled **Secret;Finance** -- Secret Clearance and Finance Compartment access

Question 39

Classification vs Clearance | *MAC*

Answer 39

Classification: Class of an **object** Clearance: Indication that a **subject** is trusted up to a certain level | "A subject can read an object is the subject **dominates** the object"

Question 40

What is a "Need-to-Know" Principle in MAC?

Answer 40

Access is limited to users who require it for their duties, even if they have the proper security clearance

Question 41

Role-Based Access Control (RBAC) | *RBAC*

Answer 41

Access is granted based on roles assigned to users, rather than user identities ## Footnote * Users assigned to different roles * widespread commercial use and area of active research, NIST standards developed

Question 42

What is RBAC0? | *RBAC0*

Answer 42

**Base model in 4 model RBAC family** (basis for RBAC standardization efforts, as they are actually ongoing) **Containing four types of entities** 1. User (individual accessing system) 2. Role (named job function) 3. Permission (approval of particular mode of access to one or more objects) 4. Session (mapping between a user and an activated subset of their roles)

Question 43

What is RBAC2? | *RBAC2*

Answer 43

1. **Mutually Exclusive Roles** (only user can assume one role from a set) 2. **Cardinality**: Limits on the number of users per role 3. **Prerequisite Roles**: Users must have a specific role before assuming another

Question 44

What is RBAC1? | *RBAC1*

Answer 44

It adds role **hierarchies** to the basic RBAC model, where roles inherit permissions from subordinate roles.