Lecture 9: 9th October 2019 Flashcards

Access Control

1
Q

What is access control?

A

How usage of a resource by users is restricted.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are active subjects?

A

Humans or processes, the ones seeking to access a passive object (i.e. resource)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are passive objects?

A

A resource, being accessed by an active object (i.e. a person or process)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are reference monitors?

A

Software or hardware that examine and grant or deny access requests. A conceptual authoritative controller for access control policies in an OS.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is the Trusted Computing Base?

A

The set of all hardware, firmware, and/or software components that are critical to the security of a computer system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What forms of separation provide protection?

A

physical separation – different processes use different objects such as printers, files or servers.

temporal separation – processes with different security requirements can only be run at separate times.

logical separation – a process’s access is constrained so that it cannot access outwith its permitted domain.

cryptographic separation – files (data) or processes are hidden or obfuscated under cryptographic protocols.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are access rights?

A

The permissions that are granted to a user or application to read, modify, and erase files on a computer.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What are the access rights on Unix?

A

execute, read, append, write

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are ACLs?

A

Access Control List = a list of permissions attached to an object that specifies which subjects are granted access to objects, as well as what operations are allowed on given objects.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are ACLs aka?

A

access permission matrices

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are some issues with ACLs?

A

simple but inefficient because of repetition throughout the system: at run-time, the ACLs would be checked for every file access; revoking permissions for 1 user will require a lot of searching (high complexity); so essentially not scalable or efficient

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which types of systems are ACLs more useful in?

A

ACLs work better with data-oriented systems where permissions are stored with the data or owners can set up permissions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are C-lists?

A

Capability lists are arrays of capabilities grouped by subject. Subject has a pointer to a linked list, with each node referring to an object and describing the subject’s permissions wrt that object

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What are some issues with C-lists?

A

C-lists are more user-oriented and runtime checking is more efficient than with ACL. However, it is more time-consuming to determine who has access to a resource. Capabilities may be time-limited or even passed on to another user, e.g. allow access to X between 9am and 5pm, agents in smart spaces.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

How does MAC work?

A

Security attributes (labels) that determine whether a subject can access a resource are assigned by an administrator. Subjects cannot change the security class of an object.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What are the differences between DAC and MAC?

A

In DAC object creator decides mutuable access rights of others. In MAC, admin/OS always does. MAC is immutable to untrusted processes and is therefore
used in highly sensitive or life critical systems. Both DAC and MAC have issues with cancelling, adding, merging etc of subjects or objects.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What are negative permissions?

A

Disallowing a subject from performing some access function on a certain object

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What are policy conflicts?

A

When two or more access rules contradict one another and are mutually exclusive but both are present

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

How are policy conflicts resolved?

A

By querying a reference monitor

20
Q

What are privileges?

A

Privileges are the right to exercise rights and like groups, can be seen as an intermediate layer between Subjects and Objects.

21
Q

What are execution monitors?

A

Abstract processes that provide the audit trails for reference monitors

22
Q

Where do reference models execute?

A

A Reference Monitor may be placed in the access control system, a hypervisor, in the services layer or in an application.

23
Q

What are security kernels?

A

The Security Kernel is the software, firmware or hardware that implements the Reference Monitor. It must be tamper-proof and verifiable.

24
Q

What are TCBs?

A

Trusted Computer Base (TCB) is a group of systems to enforce a security policy. A TCB can consist of any number of processes (daemons, firmware, software controls) that ensure correct access and correct inputs
to a system such as authentication and authorisation routines. It may include virus protection and firewalls or interrogate software with proof-carrying code or with static type checking.

25
Q

What do TCBs do?

A

They ensure that system security policies are enforced. For example, they ensure the correct access rights are given in a system and that inputs such as authorisation and authentication are carried out correctly.

26
Q

What are roles?

A

Abstract groups of subjects assigned specific privileges or access procedures.

27
Q

How does RBAC work?

A

In role-based access control, functional groups or user roles are assigned to subjects that determine their access to resources at the application layer.

28
Q

Give an example of when RBAC could be used.

A

Could be used for studres. A user could be a system administrator, a student, a lecturer etc. Some roles could be qualified such as a leccturer on CS2002.

29
Q

What are rings of protection?

A

Abstract collections of users that have different levels of access to subejcts and permissions, ina a hierarchy. They protect data and functionality from faults (by improving fault tolerance) and malicious behaviour (by providing computer security).

30
Q

How do rings of protection wortk?

A

Ring 0 : kernel, access to disk
Ring 1 : supervisor
Ring 3 : all other programs

Current privilege can only be changed by a process in Ring 0. Outer rings have fewer privileges, e.g. I/O forbidden, memory mapping disallowed. Segments are either data or procedure and have rwea access.

Moving to an inner ring is allowed through gates (system calls) but there are problems of kernel bloat. Unix has 2 rings: kernel and user area, modern hardware supports 4 or more rings.

31
Q

How are all Windows resources accessed?

A

Through ACLs. They are DACLs or SACLs.

32
Q

What is a DACL?

A

Discretionary Access Control List = a list of access control entities (ACEs). If none then the object is
presumed to allow full access to all Subjects or Principals.

33
Q

What is a SACL?

A

Systems Access Control List = ACLs specialised to logging attempts to access resources, for examination by administrators

34
Q

What are ACEs?

A

ACE = access control entry = element in an ACL

Each ACE specifies the types of access attempts by a specified trustee that cause the system to generate a record in the security event log. An ACE in a SACL can generate audit records when an access attempt fails, when it succeeds, or both.

Possible values: Generic_Read, Write, Execute, All

35
Q

How do DACLs work?

A

In Windows, each object in Active Directory or a local NTFS volume has an attribute called Security Descriptor that stores information about:

  • The object’s owner (the security identifier or the owner) and the groups to which the owner belongs.
  • The discretionary access control list (DACL) of the object, which lists the security principals (users, groups, and computers) that have access to the object and their level of access.
  • The system access control list (SACL), which lists the security principals that should trigger audit events when accessing the list.
36
Q

How do SACLs work?

A

Each ACE specifies the types of access attempts by a specified trustee that cause the system to generate a record in the security event log. An ACE in a SACL can generate audit records when an access attempt fails, when it succeeds, or both.

37
Q

What are the possible values of types in ACEs?

A

Access_Denied, Access_Allowed or System_Audit

38
Q

What are the possible values of ACLs?

A

Generic_Read, Write, Execute, All

39
Q

What is HAL in Windows?

A

HAL = Hardware Abstraction Layer = interface of kernel rings to software

40
Q

What is the Security Reference Monitor?

A

Security Reference Monitor is a component of the Microsoft Windows NT executive running in kernel mode that acts like a security watchdog, enforcing security when applications try to access system resources. It implements the Reference Monitor concept in Windows, making it Windows’ security kernel.

41
Q

What are active entities?

A

subjects: users, domains, domains, or machines

42
Q

What are principals?

A

Entities who are granted or denied access with a username and security ID

43
Q

What is IBAC?

A

Identity-Based Access Control is a simple, coarse-grained digital security method that determines whether a user will be permitted or denied access to an electronic resource based on whether their name appears on an ACL.

44
Q

What is DAC?

A

Discretionary Access Control: on multi-user Windows systems, users that made or own resources set their own protection levels for users and groups for the system (admin or OS) to enforce. Identity-based access control is implemented in DAC since it is based on the identities of subjects.

45
Q

What is MAC?

A

MAC = Mandatory Access Control: global policies that subjects can’t change on objects they own. Since based on global policy rather than identity, is an example of rule-based access control.

46
Q

What are the differences between discretionary and mandatory security levels?

A

Mandatory levels set by the system and enforced globally. Discretionary by owner subject for that file only.