L8 - Access control Flashcards
What is access control?
is a term for which the processs of a computes system controls interaction between user and system resources.
What is reference monitoring?
It’s function is to determine the validity of request from a user and returns a decision either granting or denying said request.
The request can be to read ,write or execute to a resource in the system.
What is the subject?
It’s an entity capable of accessing objects. It’s divided into three classes:
* Owner
* Group
* World
What is the object?
It’s a resource to which access is being controlled.
An object is used to contain and or receive information.
What is access right?
It described the way a subject may access an object. Could include: read, write, execute, delete, create and search
What is discretionary access control?
It’s a type of control where a user can pass on their privilges to other users.
What is an access control matrix?
Is used to describe protection state precisely by describing the rights of the subjects. And how state transitions change elements of the matrix.
What are the disadvantages of a access control matrix?
- an abstract formulation of access control
- Not suitable for direct implementtation due to the matrix being extremely sparse.
- Management of the matrix is likely to be extremely difficult if there are a large amount of files and users.
What is a capability list?
it’s a row in an access control matrix which will indicate what access rights a certain subject has to all objects to the access control matrix.
What is a access control list?
Is the column in an access control matrix, it indicates a object and it’s subjects access rights.
What is role-based access control?
Is control where the decisions a subject may take are based on the role that they have.
What is cryptography?
It’s the study of mathematical techniques related to aspects of information security such as confindentiality, data integrity, entity authentication and data origin authentication.
What is symmetric encryption?
It’s a universal technique for providing confidentiality for transmitted or stored data. It uses a coventional encryption or single-key encryption. It requires a strong encryption algorithm.
Name a common cipher.
Caesar cipher: Moving all letters in the alphabet forward x amount of positions.
