P1L5 Flashcards

1
Q

access control

A

who is allowed to access what

2
Q

2 parts of access control

A
  1. decide who would have access
  2. enforcement

3
Q

Access control matrix (ACM)

A
  • abstract state: rows are users, columns are resources
  • ACM[U,O] defines what access rights user U has on object O

4
Q

confidentiality

A
  • read related
5
Q

integrity

A
  • write related
6
Q

discretionary access control (DAC)

A

access to a resource is at the discretion of its owner. Since a user can make a copy and share with the third person

7
Q

ACL (access control list)

A

handle access to object Oi (column wise)

8
Q

capability list (C-list)

A
  • handle right of user Ui (row wise)
9
Q

where are ACL and C-list

A

in the trusted part of the system

10
Q

how do we perform access control check

A

traversal of the ACL to see if an ACE (access control entry) exists.

11
Q

a capability in C-list

A
  • unforgeable reference/handle for a resource
  • a user's catalog of capabilities defines what that user can access.

12
Q

hydra

A

store c-list in objs, resources themselves

13
Q

how does sharing happen?

A

create new ACE, and add access right to that

14
Q

most OS use ACL or C-list? why?

A

ACL, which is good for accountability and revocation. C-list is only good for efficiency

15
Q

a movie ticket is a capability or access control entry?

A

capability (holder gets access)

16
Q

when does access check for ACE stop?

A

neg/deny found or the whole list has been traversed

17
Q

how is access control implemented in unix

A
  • each resource looks like a file
  • each file has an owner
  • each file can possibly be accessed by owner, group or everyone
  • permissions r, w, x
  • ACL implemented using bitmap, 9 bits
18
Q

how does OS implement ACL?

A
  • process calls open file
  • open file table gets i (index) from the i-node table and returns it to the process
  • ACL bits are stored at the same location in the i-node table. This will grant access and point to the file data.
19
Q

TOCTOU (time of check to time of use) vulnerability

A

permission changed between checking and using

20
Q

in unix, you can share the file by sharing the file descriptor

A

false

21
Q

setuid bit set

A

the uid of the process will be the owner

22
Q

role-based access control (RBAC)

A

user -> role -> rights

23
Q

RBAC benefits

A

policy is associated with the role (in case a user leaves or a new one comes in)

24
Q

fail safe

A

deny when in doubt