Deck 4: Access Control

A user may belong to multiple groups.

The default set of rights should always follow the rule of least privilege or
read-only access

Reliable input is an access control requirement.

A user program executes in a kernel mode in which certain areas of memory
are protected from the user's use and certain instructions may not be executed.

The main innovation of the NIST standard is the introduction of the RBAC
System and Administrative Functional Specification,which defines the features required for an RBAC system.

An access right describes the way in which a subject may access an object.

Security labels indicate which system entities are eligible to access certain
resources.

T F 4.External devices such as firewalls cannot provide access control services.

A constraint is a defined relationship among roles or a condition related to
roles.

Traditional RBAC systems define the access rights of individual users and
groups of users.

The principal objectives of computer security are to prevent
unauthorized users from gaining access to resources,to prevent legitimate users from accessing resources in an unauthorized manner,and to enable legitimate users to access resources in an authorized manner.

An auditing function monitors and keeps a record of user accesses to
system resources.

Any program that is owned by,and SetUID to,the "superuser" potentially
grants unrestricted access to the system to any user executing that program.

Access control is the central element of computer security.

Role hierarchies make use of the concept of __________ to enable one role to implicitly include access rights associated with a subordinate role.

The __________ user ID is exempt from the usual file access control constraints and has system wide access.

Basic access control systems typically define three classes of subject: owner,__________ and world.

X.800 defines __________ as the prevention of unauthorized use of a resource,
including the prevention of use of a resource in an unauthorized manner.

A __________ is a mapping between a user and an activated subset of the set of roles to which the user is assigned.

The basic elements of access control are: subject,__________,and access right.

__________ access control controls access based on the identity of the requestor and on access rules stating what requestors are or are not allowed to do.

A __________ access control scheme is one in which an entity may be granted access rights that permit the entity,by its own volition,to enable another entity to access some resource.

An independent review and examination of system records and activities in order to test for adequacy of system controls,to ensure compliance with established policy and operational procedures,to detect breaches in security,and to recommend any indicated changes in control,policy and procedures is a(n)__________ .

__________ access control controls access based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles.

The NIST model defines two types of role hierarchies: general role hierarchies and ___________ hierarchies.

__________ functions provide the capability to create,delete,and maintain RBAC elements and relations.

A __________ dictates that a user can only be assigned to a particular role if it is already assigned to some other specified role and can be used to structure the implementation of the least privilege concept.

The __________ functions include the following: create a user session with a default set of active roles; add an active role to a session; delete a role from a session; and check if the session subject has permission to perform a request operation on an object.

__________ Separation of Duty enables the definition of a set of mutually exclusive roles,such that if a user is assigned to one role in the set,the user may not be assigned to any other role in the set.