Access Control in Computer Security

Questions and Answers

What type of access control mechanism does UNIX use for managing file permissions?

  • Discretionary Access Control (DAC)
  • Role Based Access Control (RBAC)
  • Mandatory Access Control (MAC)
  • Access Control Lists (ACLs) (correct)

What does the 'rwx' permission indicate for the user Zakir on his directories?

  • Read only
  • Write only
  • Read, write, and execute (correct)
  • No permissions

What is the result when a user accesses an object in UNIX?

  • It bypasses ACL checks
  • Access is automatically granted
  • It is checked against the user's permissions (correct)
  • Only root can access all objects

What is indicated by the permission letters 'r--' for the user on test.py?

  • Read only permissions

Who can change file ownership in a UNIX system?

  • Root users only

What is the significance of UID 0 in UNIX systems?

  • It is reserved for the special user root.

Which operation can the owner of a file perform in UNIX regarding permissions?

  • Change permissions and group.

Which of the following correctly describes access control in UNIX systems?

  • Users, group owners, and others have different access rights.

How does UNIX handle file ownership?

  • Each file has only one user owner and one group owner.

What is the purpose of groups in UNIX systems?

  • To let users collaborate in sharing files and resources.

What does the 'Read' permission allow a user to do with a file?

  • View the contents of the file.

What is a service account in UNIX?

  • An account that runs background processes.

In UNIX, how can a user check the users on their system?

  • By looking at the /etc/passwd file.

Which statement about the least privilege principle is true?

  • Users should have access only to necessary data and resources.

What is a potential risk associated with the UNIX security model regarding root access?

  • Most operations require root access, increasing the risk of user errors.

Which statement accurately describes the shortcomings of Access Control Lists (ACLs) in UNIX?

  • ACLs do not accommodate the complexity of different applications within a single user account.

What does a security descriptor in the Windows security model contain?

  • Rights allowed for users or groups and audit rules.

What is one advantage of the Windows security model compared to the UNIX security model?

  • Windows ACLs allow for more complex permissions through detailed settings.

How do groups function in UNIX systems regarding user permissions?

  • Users can be part of multiple groups, enhancing their file access rights.

What information is typically included in a process's access token in Windows?

  • IDs of the user account, group memberships, and OS privileges.

Which of the following best describes the disparity in the management of objects between UNIX and Windows systems?

  • Windows objects can have nested groups within ACLs.

What is a major limitation of UNIX's file ownership and permission system?

  • It does not permit the differentiation of access rights by individual applications.

Study Notes

Access Control Example 1

  • Drew, who is a member of cs155-tas, has access to the "homework" directory, as Drew's group "cs155-tas" has rwx (read, write, execute) permissions.

Access Control Example 2

  • Students can access the "lectures" directory, as students likely have access to the server and the "lectures" directory has r-x (read, execute) permissions for the "cs155-tas" group.

Access Control Lists (ACLs)

  • Every object has an ACL, which defines what operations subjects can perform.
  • Each access to an object is checked against the object's ACL.

Role Based Access Control (RBAC)

  • Access control matrices can become complex as the number of subjects, objects, and operations increases.
  • Users should only be able to access the data and resources needed to perform authorized tasks (least privilege principle).

Security Policies

  • Subjects (who?): Acting system principals (e.g., user, app, process).
  • Objects (what?): Protected resources (e.g., memory, files, hardware devices).
  • Operations (how?): How subjects operate on objects (e.g., read, delete).

UNIX Security Model

  • Subjects: Users and processes.
  • Objects: Files, directories, sockets, pipes, hardware devices, kernel objects, process data.
  • Access Operations: Read, write, execute.

Users

  • Every user has a unique user ID (UID).
  • UID 0 is reserved for the "root" user, which has access to everything.

Example Users

  • Users can be viewed through the /etc/passwd file.
  • Users can have various roles, such as service accounts for background processes or user accounts for specific humans.

Groups

  • Groups are collections of users that share files and system resources.
  • Every group has a group ID (GID) and name.

File Ownership

  • All Linux resources are managed as files.
  • Each file or directory has a single user owner and group owner.

Access Control

  • Subjects that have access to a file: user owner, group owner, and others.
  • Permissions exist for each subject for read, write, and execute operations.
  • The owner can change permissions and group.

Access Control - Pros and Cons

  • Pros:
    • Simple model provides protection for most situations.
    • Flexible enough to make simple systems possible.
  • Cons:
    • ACLs are coarse-grained, making it difficult to handle complex enterprise scenarios.
    • ACLs do not handle different applications within a single user account.
    • Nearly all system operations require root access.

Windows Security Model

  • Windows employs a complex system for granting access.
  • Windows has flexible access control options.
  • Objects have full ACLs, enabling fine-grained permissions.
  • Users can belong to multiple nested groups.

Object Security Descriptors

  • Windows objects have a security descriptor.
  • The security descriptor specifies who can perform what and audit rules.
  • Security descriptors contain SIDs, DACLs, and SACLs.

Tokens

  • Each process has a set of security tokens, which contain the process's security context.
  • Impersonation tokens can be used to temporarily adopt a different context.

Access Request

  • When a process tries to access an object, it presents its security tokens to the object's security descriptor.
  • Access is granted based on the object's security descriptor and the process's security tokens, allowing or denying the access request.

Description

Explore the concepts of access control in computer security, including ACLs, RBAC, and the least privilege principle. This quiz will test your understanding of how users and resources interact within security policies. Prepare to assess your knowledge on directory permissions and security best practices.
