Lesson 3 Flashcards
access control basics (4)
allowing
denying
limiting
revoking
most common permissions in ACLs (3)
read, write, execute
network ACLs regulate the activity of
IP addresses, MAC addresses, ports
attack that utilizes elevated permissions of software when the user has lower permissions
cross-site request forgery and clickjacking (confused deputy problem)
attack that misuses the authority of the browser on the user's computer; embeds a link into a web page or email that the user's browser follows without their knowledge
CSRF (cross-site request forgery)
attack that manipulates a web page and creates a 'cover' that users interact with while they think they are interacting with the normal web page
clickjacking
model of access control based on access being determined by the owner of the resource
discretionary
model of access control in which access is decided by an authority group, which may or may not include the owner of the resource
mandatory
model of access control in which access is allowed or denied based on a set of predetermined rules
rule-based
model of access control in which access controls are set by a responsible authority; access is based on the role of the individual accessing the data
role-based
model of access control based on attributes of a particular person, resource, or environment
attribute-based
model that implements DAC and MAC, mainly concerned with confidentiality (no read up and no write down)
Bell-LaPadula model
model concerned with integrity of data (no read down and no write up)
Biba model
model designed to prevent conflicts of interest (contains objects, company groups, conflict classes), focused on data integrity
Brewer and Nash model