Lecture 3 - ABAC

Question 1

ABAC?

Answer 1

ABAC controls access based on attributes of the users, the
resources to be accessed, and current environmental conditions

Question 2

What is a concern with ABAC?

Answer 2

performance, as resource and user properties would have to be evaluated on each access

Question 3

What is ABAC exceptionally good for and why?

Answer 3

web services, as these already have a high performance cost on each access

Question 4

What does ABAC stand for?

Answer 4

Attribute Based Access Control

Question 5

Is the subject a passive or active entity?

Answer 5

active

Question 6

Is the object a passive or active entity?

Answer 6

passive

Question 7

What is special about environment attributes?

Answer 7

They’re usually ignored in most access control policies that are implemented

Question 8

How many independent sources of information are used to make the access control decision?

Answer 8

4 these are attrbutes for 3 entities and the access control policy (rules)

Question 9

Advantages of ABAC?

Answer 9

powerful and extremely flexible

Question 10

Disadvantages of ABAC?

Answer 10

complex to implement and design
performance can be poor

hence there is a tradeoff on complexity and performance

Question 11

What is a policy?

Answer 11

The set of rules and relationships that govern allowable behaviour within a system.

Question 12

What are privileges?

Answer 12

represent authorized behaviour of a subject

Question 13

How is a policy written?

Answer 13

From the perspective of the privilages available to subjects (what they can do) and how the object needs protecting.

Question 14

Example rule?