Access Control Lecture 3 Concepts

Questions and Answers

Match the following access control components with their descriptions:

Objects = System resources for which protection is desirable Subjects = Active entities requesting accesses to resources Access mode = Type of access (e.g., read, write, execute) Access Control Models = Categories of access control mechanisms like DAC and MAC

Match the following access control models with their descriptions:

Discretionary Access Control (DAC) = Resource owner specifies who can access specific resources Mandatory Access Control (MAC) = Access control based on security labels and clearances Role Based Access Control (RBAC) = Access control based on roles and permissions assigned to users Access Control Lists (ACLs) = Common implementation of DAC using lists of permissions for resources

Match the following terms with their definitions:

Owner based access control = Users can protect what they own and define access for others Successful authentication = Granting privileges after confirming user's identity Relationship among Access Control and Other Security Functions = Interconnections between access control and other security measures Access control mechanism = Granting privileges upon validating user's identity

Match the access control model with its description:

ACL = Example of specific permissions for users on files MAC = Classifies subjects and objects based on security classes like Top Secret, Secret, Confidential, and Unclassified RBAC = Access decisions based on roles that individual users have in an organization Operating Systems = Controls user access to files and processes in the system

Match the security classification level with its description:

Top Secret (TS) = The highest security classification level Secret (S) = One of the security classification levels below Top Secret Confidential (C) = Security classification level below Secret Unclassified (U) = The lowest security classification level

Match the examples with the type of access control they represent:

Social Networks = Access control where personal information can be restricted to self, friends, or everybody Web Browsers = Access control that controls the type of content users can view ACL = Example of access control specifying permissions for users on files MAC = Access control applied to large amounts of information with clear classifications like Top Secret, Secret, etc.

Match the level of access with its description:

Read = Permission to view or read the content of a file or resource Write = Permission to make changes or write to a file or resource Own = Highest permission level indicating ownership or full control over a file or resource Execute = Permission to run or execute a file or program

Match the user with their access rights on File 1:

Joe = Has Read and Write permissions on File 1 Sam = Has Read, Write, and Own permissions on File 1 Admins = Only group that can change object levels in MAC, not object owners themselves Normal User = Cannot arbitrarily access another user's files in operating systems

Match the specific examples with their corresponding access control implementation:

Facebook and MySpace = Social networks implementing access control for personal information sharing Operating System Access Control = Controls user access to files and processes on an operating system Web Browsers Content Control = Restricts what types of content users can view in browsers ACL for Files = Specific permissions set for users on files in a system

What is the primary purpose of an access control mechanism?

To specify what users can or cannot do on a system (C)

In the DAC model, who specifies which subjects can access specific resources?

Owner of the resource (C)

What is the common implementation of DAC that allows owners to control access to their resources?

Access Control Lists (ACLs) (B)

Which access control model focuses on defining access based on roles rather than individual users?

Role Based Access Control (RBAC) (A)

What is the highest security classification level in the MAC model?

Top secret (TS) (C)

What does Owner-based access control in DAC allow users to do?

Protect what they own (B)

Who can change the object level in the Mandatory Access Control (MAC) model?

System administrators (D)

Which component of access control specifies the type of actions a user can perform on a resource?

Access mode (B)

In Role-Based Access Control (RBAC), what are access decisions based on?

User's roles (B)

What is an example of an access control implementation in operating systems mentioned in the text?

User accessing another user's files arbitrarily (C)

Which component of the system controls the types of content users can view in web browsers?

Access control (A)

Who can access some personal information on social networks like Facebook and MySpace?

Only yourself (C)