4. Access Control Models Flashcards
(12 cards)
What is Discretionary Access Control?
DAC is a means of restricting access to objects based on the identity of subjects and/or the groups to which they belong.
The controls are called discretionary because a subject with a certain access permission can pass that permission (possibly indirectly) to any other subject, unless mandatory access control prevents it.
Is DAC subject centered or object?
Subject centered
Give an example of DAC
Unix/Linux is a system using DAC.
What is Mandatory Access Control?
MAC is a means of restricting access to objects based on sensitivity (represented by a label) of the information within the objects and the formal authorization (clearance) of subjects to access information of that sensitivity.
Is MAC subject centered or object?
Object Centered
Give an example of MAC
SELinux is a system using MAC.
What is an Access Control List (ACL)?
- ACL is a list of permissions attached to an object (file)
- The list specifies who or what is allowed to access the object and what operations are permitted.
- An ACL consists of entries like [user, operations]
- ACLs can be used for both DAC and MAC
- If the ACL is decided by the user, it's DAC; if it's decided by the system admin, it's MAC.
What are the Pros of MAC?
- Stronger Security, as policy is centrally managed.
- Centralised control
What are the Cons of MAC?
- Less flexible for users and can be more complex to set up
What are the Pros of DAC?
- Flexibility and Simplicity
What are the Cons of DAC?
- Inconsistent security
- Lack of centralised control.
- Prone to Trojan horse attacks.