MODULE 4 Flashcards
Extended access control matrix includes:
- Processes
- Devices
- Memory locations
- Subjects
Access control system commands:
Rules for modifications to access matrix
Protection domain:
Objects and their access rights
Inode:
Control structure with file information
ABAC:
Conditions on properties of both resource and subject
ICAM:
An approach to managing digital identities, credentials, and access control
Inferential attack:
Reconstructing information by sending particular requests and observing the result without actual transfer of data
Credential:
An object that binds an identity to a token
SQLi can be exploited to:
- Modify or delete data
- Execute commands
- Launch a DoS attack
SQL statement operations:
- Create a schema
- Create a table
- Insert/delete/update data
- Join tables and create views
- Retrieve data
Out-of-band attack:
Attack used when there are limitations on information retrieval, but the outbound connectivity from the database server is lax
Categories of database users:
- Application owner
- End user
- Administrator
DBMS policies:
- Centralized administration
- Ownership-based administration
- Decentralized administration
DB RBAC user role management:
- Create and delete roles
- Define permissions for a role
- Assign and remove roles from users
Metadata:
Knowledge about dependencies in data