What is a policy?
The rules of security.
How does policy achieve secrecy?
- Don’t allow reading by unauthorized subjects
- Control where data can be written by authorized subjects
How does policy achieve integrity?
Don’t permit dependence on lower integrity data/code
How does policy achieve availability?
The necessary function must run
What is a protection domain?
Specifies the set of resources (objects) that a process can access and the operations that the process may use to access such resources
How are protection domain done today?
- memory protection
- UNIX protection memory, file-system permissions
What is an access control system?
Determines what rights a particular entity has for a set of objects
What are subjects, objects and rights in simplified access control?
- Subjects are the active entities that do things
- Objects are passive things that things are done to
- Rights are actions that are taken
What is a protection state?
Defines what each subject can do
A reference monitor enforces the protection state. What are some guarantees that a correct reference make?
- Tamperproof
- Complete mediation
- Simple enough to verify
What does a protection system consists of?
- A protection state
- operations to modify that state
- a reference monitor to enforce that state
What is the principle of least privilege?
A system should only provide those rights needed to perform the processes function and no more.
What is the Discretionary Access Control?
- object “owners” define policy
- users have discretion over who has access to what objects and when)
- canonical example: the UNIX file system
What is the Mandatory Access Control?
- Environment enforces static policy
- access control policy defines by environment, user has no control over access control
- canonical example: process labeling
In DAC, subjects can _______, and subjects’ programs can _______. But in MAC, they cannot.
pass right onto other subjects; pass their rights
For most DAC models, safety is _____.
undecideable; thats why we need to either 1) restrict the model, 2) test incrementally
There is a ____ relation between users and roles, roles and permissions in RBAC.
many-to-many
RBAS is a class of access control not direct MAC and DAC. T/F
True
Groups are ____; a role is ____.
collections of identities who are assigned rights as a collective; a collection of privileges/permissions associated with some function of affiliation
What is a multi-level security?
Tags all objects and subjects with security tags classifying them in terms of sensitivity/access level.
In US DOD, read access is allowed if ____.
subject clearance level >= object sensitivity level and subject categories /in object categories. (read down)
BLP model enforces: ___ and ___.
Simple security policy (no read up); star property (no write down).
Biba defines ____.
a dual of secrecy for integrity
