Week 2 Flashcards
What is RBAC?
RBAC, or Role-Based Access Control, is a way to manage who can access what in a system based on their roles.
Roles: Different jobs or positions in an organization (like manager, employee, or admin).
Permissions: Specific actions that can be performed (like viewing files, editing documents, or managing users).
Assignment: Users are assigned to roles, and those roles have specific permissions.
What is hierarchical RBAC?
Hierarchical RBAC (Role-Based Access Control) is an extension of standard RBAC that allows roles to be arranged in a hierarchy.
Roles and Hierarchy: Roles can be organized in a way where some roles inherit permissions from others. For example, a “Manager” role might inherit all the permissions of an “Employee” role.
Inheritance: If you have a basic role (like Employee) with certain permissions, a higher role (like Manager) can automatically get those permissions, plus any additional ones that are specific to the Manager role.
Simplified Management: This structure makes it easier to manage access. When a new permission is added to the Employee role, all Managers automatically get it without needing to adjust their permissions individually.
What is the Access Control Hierarchy?
Top Secret
Secret
Confidential
Unclassified
E.g., to access Secret documents you will need to have a certain level of security clearance.
What are the properties of an AC document?
Information on paper stored in opaque folders
Sensitivity clearly labeled on the folder's cover
Physical security used to control data access:
Users prove clearance to guard before taking folder from safe
Folders clearly marked, so it is hard to sneak around with them
What is the Top Secret Security level?
Comprehensive background check, highly-trusted individual
What is the Secret Security level?
Routine background check, trusted individual
What is the Confidential/Sensitive Security level?
No background check, limited distribution, minimally trusted individuals
What is the Unclassified Security level?
Unlimited distribution and untrusted individuals
What is a Compartment (or category)?
Specifies domain for a need-to-know policy.
E.g.
SAT = Satellite data
EUR = Europe
ASI = Asia
What is a Partially Ordered Set?
A set that is (all of below):
Reflexive
Transitive
Anti-Symmetric
What do all pairs of lattice elements contain?
A least upper bound
A greatest lower bound
What questions can we answer if labels form a lattice?
Given two objects with different labels, what is the minimal label a subject requires to be allowed to read both objects?
Given two subjects with different labels, what is the maximal label an object can have such that it can still be read by both subjects?
What is Read-down?
Subject with label Xs can only read info in an object with label X0 if Xs dominates X0
What is Write-up?
Subject with label Xs can only write info to an object with security label X0 if X0 dominates Xs
What is the benefit of BLP (Bell–LaPadula model)?
No information leakage possible