Computer Security Ch 4 - Exam III

Card Set Information

Computer Security Ch 4 - Exam III
2013-11-20 07:07:22
Access Control

Access Control
Show Answers:

  1. access control
    the prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner
  2. access control
    the central element of computer security
  3. security policy or access control policy
    specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance
  4. authentication
    verification that the credentials of a user or other system entity are valid
  5. authorization
    the granding of a right or permission to a system entity to access a system resource - determines who is trusted for a given purpose
  6. audit
    an indepedent review and examination of system records and activities in order to test for adequacy of system controls, to ensure compliance with established policy and operational procedures, to detect breaches in security
  7. Discretionary access control (DAC)
    Mandatory access control (MAC)
    Role-based access control (RBAC)

    can use all access controls together
    categories of access control policies
  8. Discretionary access control (DAC)
    controls access based on the identity of the requestor and on access rules stating what requestors are (or are not) allowed to do - might have access rights that permit the entity, by its own volition, to enable another entity to access some resource
  9. Mandatory access control (MAC)
    controls access based on comparing security labels (which indicate how sensitive or critical system resources are) with security clearances (wihich indicate system entities are eligible to access certain resources) - may not, just by its own volition, enable another entity to access that resource
  10. Role-based access control (RBAC)
    controls access based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles
  11. least privilege
    the principle that access control should be implemented so that each system entity is granted the minimum system resources and authorizations that the entity needs to do its work
  12. separation of duty
    the practice of dividing the steps in a system function among different individuals, so as to keep a single individual from subverting the process
  13. closed policies
    the most useful, and most typical, class of access control policies
  14. closed policies
    only accesses that are specifically authorized are allowed
  15. open policies
    authorizations specify which accesses are prohibited; all other accesses are allowed
  16. administrative policies
    policies needed to specify who can add, delete, or modify authorization rules
  17. subject, object, & access right
    basic elements of access control
  18. subject
    an entity capable of accessing objects
  19. object
    a resource to which access is controlled - an entity used to contain and/or receive information
  20. owner - creator
    group - membership in the group is sufficient to exercise these rights
    world - the least amount of access is granted to users who are able to access the system but are not included in the categories owner and group
    three classes of subject with different access rights for each class
  21. access right
    describes the way in which a subject may access an object
  22. access control lists/tickets
    are formed when an access matrix is decomposed by columns - specifies users and their permitted access rights for each object
  23. access matrix
    consists of two dimensions - one dimension consists of identified subjects that may attempt data access to the resources, and the other dimension lists the objects that may be accessed
  24. cabability tickets/lists - present a greater security problem than acces control lists
    are formed when an access matrix is decomposed by rows - specifies authorized objects and operations for a particular user
  25. user mode
    the mode in which a user program executes in which certain areas of memory are protected from the user's use and in which certain instructions may not be executed
  26. kernel mode (system mode)
    the mode in which a user program operates in which privileged instructions may be executed and in which protected areas fo memory may be accessed
  27. Role based access control:
    user - individual w/access
    role - named job function
    permission - approval of access
    session - mapping between a user & an activated subset of the set of roles to which the user is assigned
    four types of entities in an RBAC
  28. mutually exclusive roles
    three types of constraints in an RBAC3
  29. mutually exclusive roles
    roles such that a user can be assigned to only one role in the set
  30. cardinality
    refers to setting a maximum number with respect to roles
  31. prerequisite
    dictates that a user can only be assigned to a particular role if it is already assigned to some other specified role
  32. SSD (Static Separation of Duty Relations)
    enables the definition of a set of mutually exclusive roles, such that if a user is assigned to one role in the set, the user may not be assigned to any other role in the set
  33. DSD (Dynamic Separation of Duty Relations)
    limit the permissions available to a user by placing constraints on the roles that can be activated within or across a user's sessions - enables the administrator to specify certain capabilities for a user at different, non-overlapping spans of time
  34. protection domain
    a set of objects together with access rights to those objects