P1L6: Mandatory Access Control

Question 1

Mandatory Access Control (MAC)

Answer 1

Is not at the user discretion. Solves the problem of information control. Company decides who has access to data.

Question 2

What is needed to implement MAC?

Answer 2

Labels are a key requirement. They indicate sensitivity and/or category of data. Indicate clearance/need-to-know requirements

Question 3

Labels also have a _______

Answer 3

Compartment.

Question 4

T/FL1 = (TS, {A,B,C})L2=(S,{B,C})L3=(S,{B,C,D})L1 > L3

Answer 4

FalseL1 > L2L2 < L1L1 and L3 are not comparable.

Question 5

Bell and La Padua (BLP) Model

Answer 5

Developed by the DoDAssumes classification of data and clearances for subjects

Question 6

BLP Read/Write rules

Answer 6

Read-down rule (ss-property): user with label L1 can read the document with L2 only when L1 dominates L2Write-up rule (*-property): User with label L1 can write document with label L2 when L1 is dominated by L2.

Question 7

Tranquility Principle

Answer 7

States that classification of a subject or object does not change during a session.

Question 8

Clark-Wilson Policy

Answer 8

Users should be able to access certain programs

Question 9

Chinese Wall Policy

Answer 9

Deals with conflict of interest

Question 10

T/F: RBAC is an example of MAC

Answer 10

True. Only the company can decide roles of its employees.

Question 11

BLP-like models

Answer 11

SELinux and SCOMP