Week 2 Flashcards

1
Q

What is RBAC?

A

RBAC, or Role-Based Access Control, is a way to manage who can access what in a system based on their roles.

Roles: Different jobs or positions in an organization (like manager, employee, or admin).

Permissions: Specific actions that can be performed (like viewing files, editing documents, or managing users).

Assignment: Users are assigned to roles, and those roles have specific permissions.

2
Q

What is hierarchical RBAC?

A

Hierarchical RBAC (Role-Based Access Control) is an extension of standard RBAC that allows roles to be arranged in a hierarchy.

Roles and Hierarchy: Roles can be organized in a way where some roles inherit permissions from others. For example, a “Manager” role might inherit all the permissions of an “Employee” role.

Inheritance: If you have a basic role (like Employee) with certain permissions, a higher role (like Manager) can automatically get those permissions, plus any additional ones that are specific to the Manager role.

Simplified Management: This structure makes it easier to manage access. When a new permission is added to the Employee role, all Managers automatically get it without needing to adjust their permissions individually.

3
Q

What is the Access Control Hierarchy?

A

Top Secret

Secret

Confidential

Unclassified

e.g. to access Secret documents you need a certain level of security clearance.

4
Q

What are the properties of an AC document?

A

Information on paper stored in opaque folders

Sensitivity clearly labeled on the folder's cover

Physical security used to control data access:

Users prove clearance to a guard before taking a folder from the safe

Folders clearly marked so it is hard to sneak around with them

5
Q

What is the Top Secret Security level?

A

Comprehensive background check, highly trusted individual

6
Q

What is the Secret Security level?

A

Routine background check, trusted individual

7
Q

What is the Confidential/Sensitive Security level?

A

No background check, limited distribution, minimally trusted individuals

8
Q

What is the Unclassified Security level?

A

Unlimited distribution and untrusted individuals

9
Q

What is a Compartment (or category)?

A

Specifies the domain for a need-to-know policy.

E.g.

SAT = Satellite data

EUR = Europe

ASI = Asia

10
Q

What is a Partially Ordered Set?

A

A set with an ordering relation that is all of the following:

Reflexive

Transitive

Anti-Symmetric

11
Q

What do all pairs of lattice elements have?

A

A least upper bound

A greatest lower bound

12
Q

What questions can we answer if labels form a lattice?

A

Given two objects with different labels, what is the minimal label a subject requires to be allowed to read both objects?

Given two subjects with different labels, what is the maximal label an object can have such that it can still be read by both subjects?

13
Q

What is Read-down?

A

A subject with label Xs can only read info in an object with label X0 if Xs dominates X0

14
Q

What is Write-up?

A

A subject with label Xs can only write info to an object with security label X0 if X0 dominates Xs

15
Q

What is the benefit of BLP (Bell–LaPadula model)?

A

No information leakage possible

16
Q

What is a problem with the BLP model and solutions to fix it?

A

Prevents "legitimate" communication from high-level subjects to low-level ones

Possible Solutions:

Temporarily downgrade the subject's security level

Identify a set of trusted subjects that may violate the *-property

17
Q

What is a property of Discretionary Access Control (DAC)?

A

Owners can change permissions

18
Q

What does Break-Glass Access Control allow?

A

Allows overriding the access control in case of emergencies

19
Q

What is Usage Control?

A

Controlling the use of documents:

e.g.

You are allowed to read the book but not give it to someone else

You are allowed to watch this movie three times within the next 2 weeks
