L6 - Access Control Flashcards
A file is created by a certain user who becomes its owner. The owner can choose to provide access to this file to other users. If file data confidentiality is desired, the owner should control who has…
a) Read access to the file
b) Write access to the file
c) Both read and write access to the file
a) Read access to the file
Confidentiality is all about disclosure of sensitive data, which means it’s about reading the data.
Writing is about integrity of the data.
The access control policy in a system can either define positive access for a certain subject or can specify that the subject be denied access. Consider a case where subject Alice belongs to a group All-Students. The system specifies that members of the group All-Students be able to read file “foo” but Alice is denied access for it. In such a case, what should the system do?
a) Alice has access because she is a member of All-Students so she must be allowed to read foo
b) Negative access should take precedence and Alice’s request must be denied
b) Negative access should take precedence and Alice’s request must be denied
In discretionary access control (DAC), access to a resource is at the discretion of its owner. Let us assume owner Alice of file foo can choose to grant read access to foo to another user Bob but can prevent Bob from propagating this access right to others. Does this ensure that a third user, Charlie, can never read the data from foo?
a) Yes, Charlie is not granted access so cannot read
b) No, there may be another way for Charlie to access the data from foo
b) No, there may be another way for Charlie to access the data from foo
Bob can copy foo into a new file and give Charlie permission to read the new file.
ACL is used to
a) Look up objects
b) Look up users
a) Look up objects
C-Lists are used to
a) Look up objects
b) Look up users
b) Look up users
Alice goes to a movie theater and purchases a ticket for her favorite movie. She is allowed access to the movie because she has the ticket. The ticket is more like a …
a) Access control entry
b) Capability
b) Capability
The ticket is a capability.
Possession of the ticket allows Alice entry. The ticket taker does not need to know who holds the ticket and doesn’t know who Alice is, so it’s not an ACE. An ACE needs some user ID. Mere possession of the ticket is enough for access.
Some operating systems (e.g. Windows) include deny or negative access rights. In this case, an access check procedure can terminate as soon as…
a) A positive or grant access ACE is found for the requestor
b) A negative or deny ACE is found
c) The whole ACL must be traversed always
B and C
Revocation of certain access rights can be carried out easily in systems that use
a) ACLs
b) C-lists
a) ACLs
Easier because you traverse the ACE for the user for whom you want to remove the access.
A time-of-check-to-time-of-use (TOCTOU) vulnerability arises when the access check is performed separately from when a file is read or written. A TOCTOU vulnerability arises when…
a) File permissions change after an open() call completes for the file and before it is closed
b) The file permissions change only when the file is currently not opened by any program
a) File permissions change after an open() call completes for the file and before it is closed
In Unix based systems, a file can be shared by sharing its descriptor
a) True
b) False
b) False
The descriptors point to per-process tables.
An executable file F1 has the setuid bit set and is owned by user U1. When user U2 executes F1 (assuming U2 has execute permission for F1), the UID of the process executing F1 is…
a) U1
b) U2
a) U1
In systems that do not support RBAC but allow user groups to be defined, benefits of RBAC can be realized with groups.
a) True
b) False
b) False
Roles are based on a function/job: a payroll manager needs access to pay files. Groups capture which sets of users are similar.
Roles are resource related and Groups are subject/user related.
Fail-safe defaults implies that when an access control policy is silent about access to a certain user U…
a) Access must be denied when U makes a request
b) Access can be granted because it is not explicitly denied
a) Access must be denied when U makes a request
Which is more efficient?
a) ACL
b) C-List
b) C-List
ACLs are not as efficient as C-Lists when it comes to finding access rights.
Which is better for Accountability?
a) ACL
b) C-List
a) ACL
Accountability can be found quite easily and in one place with an ACL. With C-Lists, each user’s catalog must be checked to see if it grants access to the object. ACLs are better at accountability.