Lecture 14 - Security Flashcards
What 5 broad objectives does security aim to provide?
Confidentiality - prevent unauthorized access
Integrity - ensure data has not been modified
Availability - ensure the system is accessible
Accountability - know who did what
Authentication - verify the identity of each user
What is a protection domain?
A protection domain specifies the resources that a process may access.
A domain is defined as a set of <object, {access right set}> pairs
How does a protection/access matrix work?
The rows of the matrix represent domains and the columns represent files.
Each cell of the matrix represents a set of access rights.
How can an access matrix be compressed?
By columns:
Associate permissions with each object: access control list
By rows:
Associate permissions with each domain: capabilities
In UNIX what 3 domains are ACLs defined for?
File owner
Group
Everyone else
How is revocation of access rights easier in access lists than in capability lists?
Access list - simply delete the rights
Capability - have to find the process holding the capability and its list before the right can be deleted
What is the difference between discretionary access control and mandatory access control?
Discretionary: each object has an owner, usually its creator, who controls the access rights
Mandatory: the creator is not the owner and does not control the access rights; they are defined by a security policy
What are the 3 forms of authentication?
Something you know - password
Something you have - key card
Something you are - biometric
What is stack smashing/buffer overflow?
When a program reads data into a buffer but does not check the size of the input against the size of the buffer
The data overflows the buffer and can contain instructions which are then executed