Access Control Fundamentals

Questions and Answers

PDF Questions PDF Answers

What does authentication specifically verify about a user or entity?

The overall trustworthiness of the user's identity.

The validity of the user's credentials. (correct)

Whether the user's credentials are fictitious.

Whether the user has the necessary permissions to access certain data.

Which process follows authentication to determine what resources a user can access?

Encryption

Authorization (correct)

Audit

Verification

What is the primary goal of conducting an audit in the context of security?

To verify user credentials.

To ensure compliance with regulatory standards. (correct)

To assign permissions to users.

To conduct real-time monitoring of user actions.

Which statement accurately describes the relationship between authorization and authentication?

Authentication must occur prior to authorization for effective security.

If an entity's credentials are deemed invalid, which process has failed?

Authentication

What is the basis for discretionary access control (DAC)?

It is based on the identity of the requestor and access rules.

Which of the following best describes access control policies?

They are generally divided into categorical groupings.

Under discretionary access control, who has the authority to grant permissions?

The owner of the resource being accessed.

Which of the following statements about access rules is true?

Access rules determine what requestors are allowed or not allowed to do.

In discretionary access control, what aspect is most critical for defining access permissions?

The identity of the requestor along with access rules.

What is included in the access rights of a device apart from controlling its operation?

Ability to read/write the device

Which of the following is NOT a function associated with device access rights?

Initializing network connections

Which of the following best describes the control function related to device access rights?

It allows the device to perform operations such as a disk seek.

Access rights for a device facilitate which type of interaction?

Reading, writing, and controlling device usage

Which option represents an example of blocking/unblocking a device for use?

Temporarily suspending the device's operation for maintenance

What does a row in the access matrix represent?

A protection domain with associated objects

Which statement correctly describes protection domains?

They can associate capabilities with different access rights.

How can the association between a process and a protection domain be characterized?

It can be either static or dynamic.

What is one way protection domains are implemented in operating systems such as UNIX?

Through differentiation between user and kernel mode.

In terms of user access rights, what can a user do regarding processes?

Spawn processes with a subset of their rights.

Which of the following best describes a set of objects together with access rights?

A protection domain

What role does the control unit play regarding subjects accessing objects?

It mediates access to objects based on the current state of the access matrix.

Which aspect of protection domains offers more flexibility?

Dynamic association with process execution

What is the primary function of administrative policies in access control?

To determine who can add or modify authorization rules

Which of the following represents the purpose of dual control in security?

To require collaboration between two or more individuals to complete tasks

In access control, what does the term 'object' refer to?

A container or resource that holds information

What is denoted by 'access rights' in access control mechanisms?

The rules governing how subjects can interact with objects

Discretionary Access Control (DAC) allows an entity to:

Delegate access to other entities for specific resources

In the context of the access matrix, what do the matrix entries indicate?

The access rights of subjects for particular objects

Which access control structure is characterized by being often sparse?

Access matrices

What aspect of security does enforcing administrative policies primarily involve?

Controlling who can modify access permissions

What is the role of access control mechanisms in relation to administrative policies?

To enforce the terms laid out by the administrative policies

Which factors determine the protection level in access control?

The environment where access control operates

Which statement about the classes of subjects in access control is true?

They are categorized into owner, group, and world

Why is it important to utilize an access matrix in Discretionary Access Control?

To provide a clear representation of subject-object interactions

The ability to create or delete objects falls under which type of access right?

Write access

What is the main purpose of specifying who can modify authorization rules in access control?

To enhance accountability and prevent unauthorized changes

Study Notes

Authentication

• Authentication verifies that a user or entity is valid.

Authorization

• Authorization defines what access is allowed.

Audit

• Audits record access events and determine who did what.

Access Control Policies

• Access control policies specify what access is allowed.

Discretionary Access Control (DAC)

• Allows an entity to grant access to another entity for a specific resource.
• This is often implemented using an access matrix which has a row for each subject and a column for each object.
• Each cell in the matrix indicates the access rights for the corresponding subject to the respective object.

Administrative Policies

• Administrative policies are needed to specify who can modify authorization rules.

Dual Control

• Dual control requires two or more individuals to work together to complete a task.

Access Control Basic Elements

• Subject: An entity capable of accessing objects (e.g., a user, a process).
• Object: Entity containing or receiving information (e.g., files, databases).
• Access Right: Specifies how a subject can access an object (e.g., read, write, execute, delete, create, search).

Access Control Structures

• An access matrix represents access rights.
• The access matrix can be implemented using decomposition, which involves dividing a single matrix into separate structures.

Protection Domains

• A defined set of objects and access rights associated with them.
• A row defines a protection domain in an access matrix.
• Users can spawn processes with specific access rights within their protection domain.
• The association between a process and a domain can be static or dynamic.

Security Kernel

• A security kernel enforces system security policies.
• It is located in the trusted computing base (TCB), acting as an intermediary between the user and the system.

Examples

• The distinction between user and kernel mode in operating systems like UNIX represents a form of protection domain.
• Devices can be controlled via access rights, including read/write access, operation control, and use blocking/unblocking.
• Subjects can have different access rights to devices, with some having privileged access.

Description

This quiz covers essential concepts of access control, including authentication, authorization, audit processes, and access control policies. Test your knowledge on discretionary access control, administrative policies, and the fundamental elements that define subjects and objects in access control systems.