4. Access Control Models

Question 1

What is DIscetionary Access Control?

Answer 1

DAC is a means of restricting access to objects based on the identity of subjects and/or the groups to which they belong.
The controls are clled discretionary because a subject with a certain access permission can pass that permission (possible indirectly) to any other subject, unless mandatory access control prevents it.

Question 2

Is DAC subject centered or object?

Answer 2

Subject centered

Question 3

Give an example of DAC

Answer 3

unix/inux is a system using DAC.

Question 4

What is Mandatory Access Control?

Answer 4

MAC is a means of restricting access to objects based on sensitivity (represented by a label) of the information within the objects and the formal authorization (clearance) of subjects to access information of that sensitivity.

Question 5

is MAC subject centered or object?

Answer 5

Object Centered

Question 6

Give an example of MAC

Answer 6

SELinux is a system using MAC.

Question 7

What is Access Control List (ACL)

Answer 7

• ACL is a list of permissions attached to an object (file)
• The list specifies who or what is allowed to access the object and what operations are permitted.
• An ACL consists of entries like [user, operations]
• ACL’s can be used for both DAC and MAC
• if the acl is decided by the user, it’s DAC; if its decided by the sysem admin, its MAC.

Question 8

What are the Pro’s of MAC?

Answer 8

• Stronger Security, as policy is centrally managed.
• Centralised control

Question 9

What are the Con’s of MAC?

Answer 9

• Less flexible for users and can be more complex to setup

Question 10

What are the Pro’s of DAC?

Answer 10

• Flexibility and Simplicity

Question 11

What are the Con’s of DAC?

Answer 11

• Inconsistent security
• Lack of centralised control.
• Prone to trojan horse attacks.