P1L6 Mandatory Access Control Flashcards

1
Q

Mandatory Access Control (MAC)

A

Is not at the user's discretion. Solves the problem of information control. The company decides who has access to data.

2
Q

What is needed to implement MAC?

A

Labels are a key requirement. They indicate the sensitivity and/or category of data. They also indicate clearance/need-to-know requirements.

3
Q

Labels also have a _______

A

Compartment.

4
Q

T/F:
L1 = (TS, {A,B,C})
L2 = (S, {B,C})
L3 = (S, {B,C,D})
L1 > L3

A

False
L1 > L2
L2 < L1
L1 and L3 are not comparable.

5
Q

Bell and LaPadula (BLP) Model

A

Developed by the DoD

Assumes classification of data and clearances for subjects

6
Q

BLP Read/Write rules

A

Read-down rule (ss-property): a user with label L1 can read a document with label L2 only when L1 dominates L2.
Write-up rule (*-property): a user with label L1 can write a document with label L2 when L1 is dominated by L2.

7
Q

Tranquility Principle

A

States that the classification of a subject or object does not change during a session.

8
Q

Clark-Wilson Policy

A

Users should be able to access certain programs

9
Q

Chinese Wall Policy

A

Deals with conflict of interest

10
Q

T/F: RBAC is an example of MAC

A

True. Only the company can decide roles of its employees.

11
Q

BLP-like models

A

SELinux and SCOMP
