Principles of Cyber Security Flashcards
DAC
Discretionary Access Control
DAC: DACL
DAC List
Tracks permissions against each object
DAC: Access Matrix
Combined DACLs
DAC: Advantages
Easily Implementable
Highly Flexible
DAC: Disadvantages
Poor Scaling (Matrix Explosion)
Prone to Mistakes (Complex Policy Management)
Frequent Changes
MAC
Mandatory Access Control
MAC: Object Access Requirements
At least the specified clearance level
All need-to-knows
MAC: Advantages
Most Secure
Easily Scalable
MAC: Disadvantages
Not Flexible
Limited User Functionality
High Admin Overhead
RBAC
Role-based Access Control
RBAC: Role Hierarchies
Roles can inherit permissions from other roles
RBAC: Constraints
Restricts roles:
- Mutually Exclusive Roles (Subject has only one role)
- Cardinality Restrictions (Constrain number of subjects assigned to role)
- Prerequisite Roles (Must hold specified role before assignment of new role)
RBAC: Consolidated
Combines Role Hierarchies and Constraints
RBAC: Advantages
Scalable
Flexible (Loose coupling of user and perms)
RBAC: Disadvantages
Roles need provisioning and maintenance
Possible rule explosion
Cannot accommodate real-time context
ABAC
Attribute-based Access Control
ABAC: Subject Attributes
Identity and characteristics of a subject, e.g. name, job title
ABAC: Object Attributes
Extracted from object metadata
ABAC: Environment Attributes
Describe the current environmental context e.g. current malware threat
ABAC: Advantages
Dynamic
Fine-grained
Considers the Environment
ABAC: Disadvantages
Attributes need provisioning and maintenance
Possible Attribute Explosion
Complexity to Design and Implement
CVE
Common Vulnerabilities and Exposures (CVE)
A weakness knowledge base that lists common identifiers for publicly known cybersecurity vulnerabilities.
Each entry contains:
- CVE ID
- A brief description
- Any pertinent references i.e. vulnerability reports
NVD
National Vulnerability Database (NVD)
A weakness knowledge base informed by CVE and run by the U.S. government
NVD analyses CVEs
CWE
Common Weakness Enumeration (CWE)
A weakness knowledge base. Community-developed list of common software weaknesses and vulnerabilities.
Acts as a baseline for weakness identification, prevention, and mitigation