Access Control Lecture 3 Concepts
21 Questions

Questions and Answers

Match the following access control components with their descriptions:

Objects = System resources for which protection is desirable
Subjects = Active entities requesting accesses to resources
Access mode = Type of access (e.g., read, write, execute)
Access Control Models = Categories of access control mechanisms like DAC and MAC

Match the following access control models with their descriptions:

Discretionary Access Control (DAC) = Resource owner specifies who can access specific resources
Mandatory Access Control (MAC) = Access control based on security labels and clearances
Role Based Access Control (RBAC) = Access control based on roles and permissions assigned to users
Access Control Lists (ACLs) = Common implementation of DAC using lists of permissions for resources

Match the following terms with their definitions:

Owner based access control = Users can protect what they own and define access for others
Successful authentication = Granting privileges after confirming user's identity
Relationship among Access Control and Other Security Functions = Interconnections between access control and other security measures
Access control mechanism = Granting privileges upon validating user's identity

Match the access control model with its description:

ACL = Example of specific permissions for users on files
MAC = Classifies subjects and objects based on security classes like Top Secret, Secret, Confidential, and Unclassified
RBAC = Access decisions based on roles that individual users have in an organization
Operating Systems = Controls user access to files and processes in the system

Match the security classification level with its description:

Top Secret (TS) = The highest security classification level
Secret (S) = One of the security classification levels below Top Secret
Confidential (C) = Security classification level below Secret
Unclassified (U) = The lowest security classification level

Match the examples with the type of access control they represent:

Social Networks = Access control where personal information can be restricted to self, friends, or everybody
Web Browsers = Access control that controls the type of content users can view
ACL = Example of access control specifying permissions for users on files
MAC = Access control applied to large amounts of information with clear classifications like Top Secret, Secret, etc.

Match the level of access with its description:

Read = Permission to view or read the content of a file or resource
Write = Permission to make changes or write to a file or resource
Own = Highest permission level indicating ownership or full control over a file or resource
Execute = Permission to run or execute a file or program

Match the user with their access rights on File 1:

Joe = Has Read and Write permissions on File 1
Sam = Has Read, Write, and Own permissions on File 1
Admins = Only group that can change object levels in MAC, not object owners themselves
Normal User = Cannot arbitrarily access another user's files in operating systems

Match the specific examples with their corresponding access control implementation:

Facebook and MySpace = Social networks implementing access control for personal information sharing
Operating System Access Control = Controls user access to files and processes on an operating system
Web Browsers Content Control = Restricts what types of content users can view in browsers
ACL for Files = Specific permissions set for users on files in a system

What is the primary purpose of an access control mechanism?

To specify what users can or cannot do on a system

In the DAC model, who specifies which subjects can access specific resources?

Owner of the resource

What is the common implementation of DAC that allows owners to control access to their resources?

Access Control Lists (ACLs)

Which access control model focuses on defining access based on roles rather than individual users?

Role Based Access Control (RBAC)

What is the highest security classification level in the MAC model?

Top secret (TS)

What does Owner-based access control in DAC allow users to do?

Protect what they own

Who can change the object level in the Mandatory Access Control (MAC) model?

System administrators

Which component of access control specifies the type of actions a user can perform on a resource?

Access mode

In Role-Based Access Control (RBAC), what are access decisions based on?

User's roles

What is an example of an access control implementation in operating systems mentioned in the text?

User accessing another user's files arbitrarily

Which component of the system controls the types of content users can view in web browsers?

Access control

Who can access some personal information on social networks like Facebook and MySpace?

Only yourself
