Access Control Principles and X

Questions and Answers

Which principle is defined as 'the prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner'?

Separation of duty

Least privilege (correct)

Open and closed policies

Reliable input

What does RFC 2828 define as 'measures that implement and assure security services in a computer system, particularly those that assure access control service'?

Access Control Policies

Access Control Requirements

Computer security (correct)

Administrative policies

Which entity is typically held accountable for the actions they initiate and often have three classes: owner, group, world?

Object

Concept

Process

Subject (correct)

What does 'dual control' refer to in the context of access control?

Two entities required to perform an action

What is the concept that equates with that of a process and is capable of accessing objects?

Subject

Explain the concept of access control as defined in ITU-T Recommendation X.800.

The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner.

According to RFC 2828, what does computer security measures implement and assure in a computer system?

Security services, particularly those that assure access control service.

What are the access control requirements mentioned in the text?

Reliable input, support for fine and coarse specifications, least privilege, separation of duty, open and closed policies, policy combinations and conflict resolution, and administrative policies.

Define the 'subject' in the context of access control.

An entity capable of accessing objects, typically held accountable for the actions they initiate, and often classified as owner, group, or world.

Explain the relationship between access control and other security functions as described in the text.

Access control is an essential part of computer security measures, particularly those that assure security services in a computer system.