Week 4 Flashcards
describe 4 types of separation for access control
A basic form of protection is separation:
physical separation: different processes use different physical objects, such as
printers, files or servers.
temporal separation: processes with different security requirements
can only be run at separate times.
logical separation: a process's access is constrained so that it cannot
reach outside its permitted domain (e.g. its own address space or sandbox).
cryptographic separation: files (data) or processes are hidden or
obfuscated under cryptographic protocols, so they are unintelligible
to anyone without the key.
what are the basic access rights?
execute, read, append, write
append only adds to an object; write may be destructive because it can
overwrite or delete existing content
what is an ACL? some issues?
An access control list (ACL) is attached to each object and lists, for each
subject, the rights that subject has on that object (one column of the
access matrix).
The ACL is simple but inefficient because of repetition throughout the
system. At run-time the ACL must be checked on every file access.
If a user's access is revoked, every object's ACL has to be searched for
entries naming that user. Groups or roles can describe large numbers of
subjects with the same permissions, but some subjects may need
negative (deny) permissions that override their group membership.
Another way of describing access is a triple <user, program, file>, but this
also has scaling problems.
Unix access control is based on simple ACLs with three classes (user, group,
others) and three rights (r, w and x).
what is a C-list?
Capability lists (C-lists) are less widely used than ACLs, mainly because
it is easier for an OS to control access at the object than to track what
every subject holds.
Instead of storing the columns of the access matrix (ACLs) we store the
rows: Bob's capabilities are stored as a list of (object, rights) tuples that
he presents when he wants access.
This is more subject oriented and run-time checking is more efficient (no
search of the object's list). However, answering "who has access to this
resource?" now means scanning every subject's list, so revoking access to
one object is the expensive direction.
Capabilities may be time-limited or even passed on (delegated) to another
user, e.g. allow access to X between 9am and 5pm, or agents in smart spaces.
Nowadays capabilities are often issued as cryptographically signed
certificates (public key certificates): the holder presents the certificate
and any verifier can check it without consulting a central list, and the
signature stops the holder from forging or extending the rights it carries.
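Added example (not from the notes) showing the ACL and C-list cards side by side: the same constructed access matrix stored as per-object ACLs (columns) and per-subject capability lists (rows), with the revocation and "who can access X" costs the cards describe, plus a time-limited capability that can only be delegated with equal or fewer rights. Subjects, objects, rights and the time window are assumptions; times are minutes since midnight.

```python
"""Access matrix stored two ways: per-object ACLs (columns) and per-subject
capability lists (rows). Added example, not from the notes; the subjects,
objects and rights below are constructed."""
from collections import defaultdict

# Constructed access matrix: subject -> object -> set of rights (r, w, a, x).
MATRIX = {
    "alice": {"x.exe": {"x", "r"}, "y.doc": {"r"}},
    "bob":   {"y.doc": {"r", "w"}, "z.txt": {"a"}},
    "carol": {"x.exe": {"x"}},
}


def build_acls(matrix):
    """Column view: object -> {subject: rights}. One ACL per object."""
    acls = defaultdict(dict)
    for subj, row in matrix.items():
        for obj, rights in row.items():
            acls[obj][subj] = set(rights)
    return dict(acls)


def build_clists(matrix):
    """Row view: subject -> {object: rights}. Each row is that subject's C-list."""
    return {s: {o: set(r) for o, r in row.items()} for s, row in matrix.items()}


def acl_check(acls, subj, obj, right):
    """Object-side check: look the subject up in the object's ACL."""
    return right in acls.get(obj, {}).get(subj, set())


def clist_check(clists, subj, obj, right):
    """Subject-side check: the subject presents its own list; nothing else is searched."""
    return right in clists.get(subj, {}).get(obj, set())


def acl_revoke_subject(acls, subj):
    """Revoking a user under ACLs means visiting every object's list.
    Returns how many ACLs had to be edited."""
    touched = 0
    for obj in list(acls):
        if acls[obj].pop(subj, None) is not None:
            touched += 1
    return touched


def clist_revoke_subject(clists, subj):
    """The same revocation under C-lists is a single deletion."""
    return 1 if clists.pop(subj, None) is not None else 0


def clist_who_can_access(clists, obj):
    """The expensive direction for C-lists: scan every subject's row."""
    return sorted(s for s, row in clists.items() if obj in row)


def timed_capability(obj, rights, start, end):
    """A capability valid only inside a daily window (minutes since midnight)."""
    return {"object": obj, "rights": set(rights), "window": (start, end)}


def capability_valid(cap, obj, right, now):
    """Check a presented capability: right object, right held, inside the window."""
    start, end = cap["window"]
    return cap["object"] == obj and right in cap["rights"] and start <= now <= end


def delegate(cap, rights):
    """Pass a capability on to another holder. Delegation may only narrow
    (attenuate) the rights; a holder cannot hand out more than it has."""
    if not set(rights) <= cap["rights"]:
        raise ValueError("cannot delegate rights the holder does not possess")
    return {"object": cap["object"], "rights": set(rights), "window": cap["window"]}


if __name__ == "__main__":
    acls, clists = build_acls(MATRIX), build_clists(MATRIX)
    print("alice may execute x.exe:", acl_check(acls, "alice", "x.exe", "x"))
    print("ACLs edited to revoke alice:", acl_revoke_subject(acls, "alice"))
    print("who can reach y.doc (C-list scan):", clist_who_can_access(clists, "y.doc"))
    cap = timed_capability("X", "r", 9 * 60, 17 * 60)       # 9am to 5pm
    print("valid at noon:", capability_valid(cap, "X", "r", 12 * 60))
```

The two revoke functions make the trade-off concrete: removing Alice costs one delete per object she appears in under ACLs, but a single delete under C-lists; the opposite question (who can reach y.doc) is a single lookup under ACLs but a scan of every subject under C-lists.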
DAC and MAC?
Capabilities such as Alice: x.exe: xr; y.doc: r are used for Discretionary
Access Control (DAC). When subject S creates a new resource it owns that
resource and may grant others access at its discretion. With strict DAC,
granting access does not confer ownership; however, ownership itself can be
transferred.
Mandatory Access Control (MAC) is where users and resources (subjects
and objects) have fixed security attributes (labels) assigned by an
administrator. A subject may access an object only if the policy over the
two labels permits it, and subjects cannot change the security class of an
object.
Unlike DAC, MAC policy cannot be altered by untrusted processes (or by the
users whose data it protects), so it is used in highly sensitive or
life-critical systems. Both DAC and MAC have issues with cancelling, adding,
merging etc. of subjects or objects.
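Added example (not from the notes) putting the two models beside each other: under DAC the owner of an object grants access and can hand ownership on, but a grantee cannot grant further; under MAC the administrator fixes clearances and labels and an ordinary subject's attempt to relabel is refused. The label lattice, the dominance rule used for the check, and the users and files are assumptions.

```python
"""DAC (owner decides) beside MAC (administrator-assigned labels). Added
example, not from the notes; users, files and labels are constructed."""

# Constructed ordered label lattice: a higher number dominates a lower one.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


class Dac:
    """Discretionary: whoever owns an object decides who may access it."""

    def __init__(self):
        self.owner = {}   # object -> owning subject
        self.acl = {}     # object -> {subject: set of rights}

    def create(self, subj, obj):
        """The creator becomes the owner and starts with full rights."""
        self.owner[obj] = subj
        self.acl[obj] = {subj: {"r", "w"}}

    def grant(self, granter, obj, subj, rights):
        """Strict DAC: only the owner may grant, and a grant confers no ownership."""
        if self.owner.get(obj) != granter:
            raise PermissionError(f"{granter} does not own {obj}")
        self.acl[obj].setdefault(subj, set()).update(rights)

    def transfer_ownership(self, current, obj, new_owner):
        """Ownership itself can move; only the current owner may move it."""
        if self.owner.get(obj) != current:
            raise PermissionError(f"{current} does not own {obj}")
        self.owner[obj] = new_owner

    def check(self, subj, obj, right):
        return right in self.acl.get(obj, {}).get(subj, set())


class Mac:
    """Mandatory: labels are fixed by the administrator; no other subject may relabel."""

    def __init__(self, admin):
        self.admin = admin
        self.clearance = {}   # subject -> level name
        self.label = {}       # object -> level name

    def set_clearance(self, actor, subj, level):
        if actor != self.admin:
            raise PermissionError("only the administrator assigns clearances")
        self.clearance[subj] = level

    def set_label(self, actor, obj, level):
        if actor != self.admin:
            raise PermissionError("subjects cannot change an object's security class")
        self.label[obj] = level

    def check(self, subj, obj):
        """Simplest label rule (an assumption of this example): access only if
        the subject's clearance dominates the object's label; unlabelled -> deny."""
        if subj not in self.clearance or obj not in self.label:
            return False
        return LEVELS[self.clearance[subj]] >= LEVELS[self.label[obj]]


if __name__ == "__main__":
    dac = Dac()
    dac.create("alice", "report.doc")
    dac.grant("alice", "report.doc", "bob", {"r"})
    print("bob can read report.doc:", dac.check("bob", "report.doc", "r"))
    mac = Mac("admin")
    mac.set_label("admin", "plans.doc", "secret")
    mac.set_clearance("admin", "alice", "confidential")
    print("alice can access plans.doc:", mac.check("alice", "plans.doc"))
```

The part worth noticing is what each model refuses: Dac.grant by a non-owner (a grant gave Bob rights, not ownership) and Mac.set_label by anyone but the administrator.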
what is a reference monitor?
The Reference Monitor is an abstract machine that mediates every access by
a subject to an object (the kernel, files, devices and other physical
resources) and checks it against the policy. A Reference Monitor may be
placed in the access control system, in a hypervisor, in the services layer
or in an application. An execution monitor provides the audit trail.
The Security Kernel is the software, firmware or hardware that implements
the Reference Monitor. It must be tamper-proof, always invoked (impossible
to bypass) and small enough to be verifiable.
what is a TCB?
The Trusted Computing Base (TCB) is the set of hardware, firmware and
software components that together enforce the security policy; a flaw in
any one of them can break the policy, so the TCB should be kept as small as
possible. A TCB can consist of any number of processes (daemons, firmware,
software controls) that ensure correct access and correct inputs to a
system, such as authentication and authorisation routines. It may include
virus protection and firewalls, or interrogate software with proof-carrying
code or static type checking.
what is RBAC?
Role-based access control (RBAC) is an example of access control that
applies at the application layer. Here we have functional groups or user
roles, where the need to access information is based on one's job function.
A user could be a system administrator, a general user, a tutor etc. Some
roles could be qualified, such as tutor on CS2002.
Each role grants certain privileges or allows the holder to execute certain
tasks (procedures, functions). Procedures work on datatypes, and access is
controlled by restricting which procedures a role may call rather than by
listing the data objects themselves.
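Added example (not from the notes) of RBAC as the card describes it: roles map to procedures rather than to data objects, a user can hold several roles, a qualified role (tutor on CS2002) only applies within its qualifier, and the gradebook datatype is reachable only through a guarded procedure. Role names, procedure names, users and module codes are constructed.

```python
"""Role-based access control with qualified roles. Added example, not from
the notes; the roles, procedures and users are constructed."""
from typing import NamedTuple, Optional


class Role(NamedTuple):
    name: str
    qualifier: Optional[str] = None   # e.g. a module code; None = unqualified


# Constructed: each role is a set of procedures it may call, not a list of data objects.
ROLE_PROCEDURES = {
    Role("sysadmin"): {"create_user", "reset_password", "read_grades", "enter_grade"},
    Role("tutor", "CS2002"): {"read_grades", "enter_grade"},
    Role("student"): {"read_own_grade"},
}

# Constructed user -> roles assignment (a user may hold several roles).
USER_ROLES = {
    "root": {Role("sysadmin")},
    "ann": {Role("tutor", "CS2002"), Role("student")},
    "ben": {Role("student")},
}


def permitted(user, procedure, qualifier=None):
    """True if some role held by the user grants the procedure and the role's
    qualifier (if it has one) matches the scope being asked for."""
    for role in USER_ROLES.get(user, ()):
        if procedure not in ROLE_PROCEDURES.get(role, set()):
            continue
        if role.qualifier is None or role.qualifier == qualifier:
            return True
    return False


def enter_grade(actor, module, student, mark, gradebook):
    """A guarded procedure: the gradebook datatype is only changed through it."""
    if not permitted(actor, "enter_grade", module):
        raise PermissionError(f"{actor} may not enter grades for {module}")
    gradebook[(module, student)] = mark
    return gradebook


if __name__ == "__main__":
    print("ann on CS2002:", permitted("ann", "enter_grade", "CS2002"))
    print("ann on CS1001:", permitted("ann", "enter_grade", "CS1001"))
    print(enter_grade("ann", "CS2002", "ben", 72, {}))
```

Because the qualifier is part of the role, "tutor on CS2002" and "tutor on CS1001" are distinct roles; the unqualified sysadmin role matches any module.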
how are Windows resources accessed? what are the two types?
Windows resources are all accessed through ACLs held in the object's security
descriptor. An ACL can be a Discretionary ACL (DACL), which grants or denies
access, or a System ACL (SACL), which specifies which accesses are audited.
DACL: an ordered list of access control entries (ACEs). A null DACL (no DACL
at all) means the object is unprotected and every subject or principal gets
full access; an empty DACL (present but with no ACEs) grants nobody any
access. Confusing the two is a classic mistake when creating objects.
ACE: type (allow, deny or audit), inheritance and audit flags, access mask,
ObjectType, InheritedObjectType, and the SID of the trustee (the principal the
entry applies to, which need not be the object's owner).
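Added example (not from the notes, and not Windows code): a simplified model of how the DACL is walked at access-check time, written in Python so it runs anywhere. It shows the null versus empty DACL difference and why ACE order matters (denies are placed before allows in canonical order). The access-mask bits are a toy subset, the user SID is constructed, and the real kernel check also handles owner rights, inheritance and object-specific ACEs, none of which this model does.

```python
"""Simplified model of how Windows walks a DACL. Added example, not the
notes' own; a toy subset of the access mask and constructed SIDs. The real
AccessCheck also handles owner rights, inheritance and object-specific ACEs."""
from typing import List, NamedTuple, Optional

# Constructed subset of access-mask bits.
READ, WRITE, EXECUTE = 0x1, 0x2, 0x4
FULL = READ | WRITE | EXECUTE

BUILTIN_USERS = "S-1-5-32-545"                               # well-known SID: BUILTIN\Users
ALICE = "S-1-5-21-1000000000-1000000000-1000000000-1001"   # constructed user SID


class Ace(NamedTuple):
    ace_type: str   # "allow" or "deny" (audit ACEs live in the SACL, not here)
    sid: str        # trustee this entry applies to
    mask: int       # rights granted or denied


def access_check(dacl: Optional[List[Ace]], token_sids, requested: int) -> bool:
    """Walk the DACL in order, stopping as soon as the answer is known.

    dacl is None  -> null DACL: the object is unprotected, everyone gets everything.
    dacl == []    -> empty DACL: nothing is ever granted, so everyone is denied.
    """
    if dacl is None:
        return True
    remaining = requested
    for ace in dacl:
        if ace.sid not in token_sids:
            continue                      # entry is for some other trustee
        if ace.ace_type == "deny" and ace.mask & remaining:
            return False                  # a matching deny on a still-wanted right ends the walk
        if ace.ace_type == "allow":
            remaining &= ~ace.mask        # tick off the rights this entry grants
            if remaining == 0:
                return True               # everything requested has been granted
    return remaining == 0                 # ran out of entries with rights still unmet


# Canonical order: explicit denies before allows.
CANONICAL = [Ace("deny", ALICE, WRITE), Ace("allow", BUILTIN_USERS, FULL)]
# The same two entries in the wrong order: the allow is reached before the deny.
NON_CANONICAL = list(reversed(CANONICAL))


if __name__ == "__main__":
    token = {ALICE, BUILTIN_USERS}    # Alice's token carries her SID and her group SID
    print("null DACL, full access:", access_check(None, token, FULL))
    print("empty DACL, read:", access_check([], token, READ))
    print("canonical, write:", access_check(CANONICAL, token, WRITE))
    print("non-canonical, write:", access_check(NON_CANONICAL, token, WRITE))
```

With the entries in canonical order Alice's write is refused even though she is in BUILTIN\Users; with the allow listed first the walk grants the write before it ever sees the deny, which is why tools that edit ACLs reorder entries into canonical form.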