P1L5 Access Control Flashcards

1
Q

Two parts to Access Control

A
  1. Decide who should have access to certain resources: an access control policy.
  2. Enforcement: only accesses defined by the access control policy are granted.
2
Q

Access Control Matrix (ACM)

A

Rows correspond to sources of the request (users/subjects/groups)
Columns correspond to the resources that need to be protected

3
Q

Discretionary Access Control

A

Access is at the discretion of the resource's owner. The owner can grant access to other users and also allow or not allow the other users to propagate this access.

4
Q

Flaw with DAC

A

The other user can copy to another file and then share it with a third party.

5
Q

Access Control List (ACL)

A

Columns for an object that define each user's rights to that object.

6
Q

Capability List (C-List)

A

Rows for a user that define that user’s rights for each object.

7
Q

Where should ACL be stored?

A
  • In trusted part of system
  • Consists of access control entries
  • Should be stored along with other object meta-data
  • Checking requires traversal of the ACL
8
Q

Where should C-List be stored?

A
  • It is per user
  • A capability is an unforgeable reference/handle for a resource
  • User catalogue of capabilities defines what a certain user can access
  • Can be stored in objects/resources themselves
9
Q

ACL vs C-List

A

Efficiency: ACLs are not as efficient as C-Lists
Accountability: Can be found easily in an ACL. With a C-List, each user’s catalog must be checked to see if access is OK.
Revocation: Revoking access in an ACL is easy

Most OSes use ACLs

10
Q

How does OS implement ACL?

A

The OS keeps track of info about each file and its metadata, called an i-node. Open files are stored in the meta-data table. The file must be active.

11
Q

Role Based Access Control (RBAC)

A

Access rights are associated with roles/jobs. Users can have more than one role.

12
Q

RBAC benefits

A
  • Policy need not be updated when a certain person leaves
  • New employee should be able to activate the desired role
  • Start with minimum access

SELinux supports RBAC

13
Q

Fail-safe defaults

A

Implies that when an access control policy is silent about access to a certain user, that access must be denied.
