Chapter 4.3 Flashcards
ABAC
An ABAC system makes access decisions based on a combination of subject and object attributes plus any context-sensitive or system-wide attributes. ABAC grants fine-grained privileges.
False rejection rate
False rejection rate is the least relevant figure because it only causes inconvenience to users who should have access but are rejected in error.
MAC
Mandatory Access Control (MAC) enforces rules based on security clearances and labels of resources, to which a user is granted “need to know” or not. This form is ideal for military units and highly secure information, but is cumbersome for normal use.
CER
The process of fine-tuning a biometric system involves adjusting the Crossover Error Rate (CER), the point at which the false rejection rate and false acceptance rate meet.
FRR
The False Rejection Rate (FRR) is also known as a type I error, which rejects authorized templates. FRR most commonly produces frustration, and can impede traffic flow if not properly tuned.
FAR
The False Acceptance Rate (FAR) is the rate at which the system lets in unauthorized users, which constitutes a security breach. Fine-tuning a system to minimize the FAR is imperative. A type II error is also known as a false positive, measured by the False Acceptance Rate (FAR).
HOTP & TOTP similar vulnerabilities
Susceptibility to interception is a risk associated with one-time passwords, since the token is delivered to a physical space. Both HMAC-Based One-time Password Algorithms (HOTP) and Time-Based One-time Password Algorithms (TOTP) generate these tokens.
Device synchronization errors can result in key expiration or key error. Although HMAC-Based One-time Password Algorithm (HOTP) does not use a timestamp, the device and server may still be synchronized with a counter to invalidate the key should they go out of sync.
biometric technical challenges
The security and storage of biometric templates is a current issue. Templates should not allow the original samples to be reconstructed, they should be tamper-proof, and unauthorized templates should not be able to gain system access.
Pattern matching from templates is an issue with current biometric technologies. Standard encryption technologies cannot be used to store biometric data, and a biometric scan must be able to produce the same key each time it is scanned, presenting challenges concerning credential access and data recovery.
RBAC
Role-Based Access Control (RBAC) allocates user permissions based on roles, or group memberships.
DAC
Discretionary Access Control (DAC) gives access based on the content's creator or owner, who grants permissions. This type of control is flexible, yet vulnerable to insider attack, and task-heavy for the content creator.