Access Control

Question 1

What is Authentication?

Answer 1

Check if something or someone is who they say they are

Question 2

What is Authorisation?

Answer 2

Permission granted to user to access resource

Question 3

What is Access Control?

Answer 3

Authenticate, Authorise and take account of the actions of users

Question 4

How is Access Control achieved?

Answer 4

Through policies

Question 5

What 2 places can Access Control be applied?

Answer 5

Locally, Network

Question 6

What are 2 examples of Access Control?

Answer 6

Code based approach, Database orientated approach

Question 7

What is the code-based approach to Access Control?

Answer 7

Integrating Access Control into server’s Application Code

Question 8

What is the database-orientated approach to Access Control?

Answer 8

Access Control delegated to database

Question 9

What are the 3 main models of Access Control?

Answer 9

1) Discretionary Access Control (DAC) 2) Mandatory Access Control (MAC) 3) Role based Access Control (RBAC)

Question 10

What are DAC, MAC and RBAC each defined by?

Answer 10

DAC = User, MAC = System, RBAC = Roles

Question 11

In DAC, what do users own and control?

Answer 11

DAC, users own resources and control their own access

Question 12

In DAC, can ownerships be shared and transferred?

Answer 12

Yes, in DAC ownership can be shared and transfered

Question 13

In DAC, every object has a list, what is this called?

Answer 13

DACL (Discretionary Access Control List)

Question 14

What does the DACL contain?

Answer 14

List of people and their access permissions

Question 15

What does a DAC Matrix look like?

Answer 15

Vertical list of names, horizontal list of files

Question 16

How does MAC classify subjects and objects?

Answer 16

By security levels (e.g. confidential, secret, top secret)

Question 17

How do reading and writing permissions work in MAC?

Answer 17

Users can only read objects of equal or lower levels

Question 18

In MAC, can access be shared and transferred?

Answer 18

No, subjects can’t transfer access rights

Question 19

In MAC, what 2 details are kept about each object and user?

Answer 19

Users/Objects Clearance/Classification (e.g. top secret), and Need-to-Know/Category (e.g. Project z)

Question 20

What happens when someone tries to access an object?

Answer 20

The OS checks the User’s clearance and Need-to-Know against the object’s classification and category to decide if they get access

Question 21

In RBAC, what is access based on?

Answer 21

access is based on the user’s role in the organisation, e.g. teachers get these permissions

Question 22

How does MAC compare to DAC?

Answer 22

MAC is more rigid and more secure

Question 23

What are 2 benefits to RBAC?

Answer 23

1) Reduce user admin 2) Having a few roles and assigning them is far easier than MAC and DAC upkeep

Question 24

What does DSA stand for?

Answer 24

Data Sharing Agreements

Question 25

What are DSAs for?

Answer 25

Enforce standard on how data should be accessed, shared etc

Question 26

What are 2 dificulties of DSAs?

Answer 26

1) Difficult to represent DFAs 2) Rules can create conflict or inefficiency

Question 27

What does DSA automatically do?

Answer 27

Decide access level, use and sharing of data

Question 28

What 4 are prioritised by DSAs?

Answer 28

Data Security Requirements, User preferences, business rules, legislation requirements