Lecture 9: 9th October 2019 Flashcards

CS4203 Computer Security, Lecture 9: 9th October 2019 flashcard deck (46 cards)

What is access control?

How usage of a resource by users is restricted.


What are active subjects?

Humans or processes: the entities seeking to access a passive object (i.e. a resource).


What are passive objects?

A resource being accessed by an active subject (i.e. a person or process).


What are reference monitors?

Software or hardware that examines access requests and grants or denies them. A conceptual authoritative controller for access control policies in an OS.


What is the Trusted Computing Base?

The set of all hardware, firmware, and/or software components that are critical to the security of a computer system


What forms of separation provide protection?

physical separation – different processes use different objects such as printers, files or servers.

temporal separation – processes with different security requirements can only be run at separate times.

logical separation – a process’s access is constrained so that it cannot access outwith its permitted domain.

cryptographic separation – files (data) or processes are hidden or obfuscated under cryptographic protocols.


What are access rights?

The permissions that are granted to a user or application to read, modify, and erase files on a computer.


What are the access rights on Unix?

execute, read, append, write


What are ACLs?

Access Control List = a list of permissions attached to an object that specifies which subjects are granted access to the object, as well as which operations they are allowed to perform on it.


What are ACLs aka?

access permission matrices


What are some issues with ACLs?

Simple but inefficient because of repetition throughout the system: at run time the ACLs must be checked on every file access, and revoking the permissions of one user requires searching every ACL (high complexity), so they are essentially neither scalable nor efficient.


Which types of systems are ACLs more useful in?

ACLs work better with data-oriented systems where permissions are stored with the data or owners can set up permissions.


What are C-lists?

Capability lists are arrays of capabilities grouped by subject. Each subject has a pointer to a linked list, with each node referring to an object and describing the subject's permissions with respect to that object.


What are some issues with C-lists?

C-lists are more user-oriented, and runtime checking is more efficient than with ACLs. However, it is more time-consuming to determine who has access to a given resource. Capabilities may be time-limited or even passed on to another user, e.g. allow access to X between 9am and 5pm, or agents in smart spaces.


How does MAC work?

Security attributes (labels) that determine whether a subject can access a resource are assigned by an administrator. Subjects cannot change the security class of an object.


What are the differences between DAC and MAC?

In DAC the object creator decides the (mutable) access rights of others; in MAC the admin/OS always does. MAC is immutable to untrusted processes and is therefore used in highly sensitive or life-critical systems. Both DAC and MAC have issues with cancelling, adding, merging, etc. of subjects or objects.


What are negative permissions?

Disallowing a subject from performing some access function on a certain object


What are policy conflicts?

When two or more access rules contradict one another (they are mutually exclusive) but both are present in the policy.


How are policy conflicts resolved?

By querying a reference monitor


What are privileges?

Privileges are the right to exercise rights and, like groups, can be seen as an intermediate layer between subjects and objects.


What are execution monitors?

Abstract processes that provide the audit trails for reference monitors


Where do reference monitors execute?

A Reference Monitor may be placed in the access control system, a hypervisor, in the services layer or in an application.


What are security kernels?

The Security Kernel is the software, firmware or hardware that implements the Reference Monitor. It must be tamper-proof and verifiable.


What are TCBs?

The Trusted Computing Base (TCB) is a group of systems that enforce a security policy. A TCB can consist of any number of processes (daemons, firmware, software controls) that ensure correct access and correct inputs to a system, such as authentication and authorisation routines. It may include virus protection and firewalls, or interrogate software with proof-carrying code or with static type checking.


What do TCBs do?

They ensure that system security policies are enforced. For example, they ensure the correct access rights are given in a system and that inputs such as authorisation and authentication are carried out correctly.


What are roles?

Abstract groups of subjects assigned specific privileges or access procedures.


How does RBAC work?

In role-based access control, functional groups or user roles are assigned to subjects that determine their access to resources at the application layer.


Give an example of when RBAC could be used.

Could be used for studres. A user could be a system administrator, a student, a lecturer, etc. Some roles could be qualified, such as a lecturer on CS2002.


What are rings of protection?

Abstract collections of users that have different levels of access to subjects and permissions, in a hierarchy. They protect data and functionality from faults (by improving fault tolerance) and from malicious behaviour (by providing computer security).


How do rings of protection work?

Ring 0 : kernel, access to disk
Ring 1 : supervisor
Ring 3 : all other programs

Current privilege can only be changed by a process in Ring 0. Outer rings have fewer privileges, e.g. I/O forbidden, memory mapping disallowed. Segments are either data or procedure segments and have rwea (read, write, execute, append) access.

Moving to an inner ring is allowed through gates (system calls), but there are problems of kernel bloat. Unix has 2 rings: kernel and user area; modern hardware supports 4 or more rings.