Protection Flashcards
True or False? Policies determine how something will be done, mechanisms
describe what will be done.
False; Mechanisms determine HOW something will be done; Policies decide WHAT will be done.
What principle dictates that programs and users be given just enough privileges to perform their tasks?
Principle of Least Privilege
True or False? The need-to-know principle states that a process needs
to know everything in order to perform its task.
False; the process should be limited to only those resources necessary to perform its task.
True or False? The user mode/kernel mode paradigm is an example of
domain switching.
True
True or False? In the UNIX operating system, a domain is associated with a process, not with a specific user.
False; In the UNIX operating system, a domain is associated with the user.
What is the name of the bit in a UNIX system that associates each file with an owner and domain?
setuid bit
What does each row and column represent in an access matrix?
Each row represents a domain, and each column represents an object.
What is the problem when using a global table to represent an access matrix?
The table is usually large, so much so that it can not fit into main memory.
What is the benefit of using role-based access control?
The principle of least privilege can be implemented without creating a separate account for each user.
Why is revocation of access rights easy with an access list scheme?
It is easy because the access list can be searched for any access rights that need to be revoked, and then those rights can be deleted; immediately revoking access.
Provide two examples of capability-based systems.
- Hydra
2. Cambridge CAP System
Give an example of a programming language that provides language based
protection.
Java
