Quiz (Access Control) Flashcards
What is a policy?
The rules of security.
How does policy achieve secrecy?
- Don’t allow reading by unauthorized subjects
- Control where data can be written by authorized subjects
How does policy achieve integrity?
Don’t permit dependence on lower integrity data/code
How does policy achieve availability?
The necessary function must run
What is a protection domain?
Specifies the set of resources (objects) that a process can access and the operations that the process may use to access such resources
How are protection domains done today?
- memory protection
- UNIX protection memory, file-system permissions
What is an access control system?
Determines what rights a particular entity has for a set of objects
What are subjects, objects and rights in simplified access control?
- Subjects are the active entities that do things
- Objects are passive things that things are done to
- Rights are actions that are taken
What is a protection state?
Defines what each subject can do
A reference monitor enforces the protection state. What are some guarantees that a correct reference monitor makes?
- Tamperproof
- Complete mediation
- Simple enough to verify
What does a protection system consist of?
- A protection state
- operations to modify that state
- a reference monitor to enforce that state
What is the principle of least privilege?
A system should only provide those rights needed to perform the process's function and no more.
What is Discretionary Access Control?
- object “owners” define policy
- users have discretion over who has access to what objects and when
- canonical example: the UNIX file system
What is Mandatory Access Control?
- Environment enforces static policy
- access control policy is defined by the environment; the user has no control over access control
- canonical example: process labeling
In DAC, subjects can _______, and subjects’ programs can _______. But in MAC, they cannot.
pass rights on to other subjects; pass their rights