Deck 4: Access Control

An auditing function monitors and keeps a record of user accesses to
system resources.

The authentication function determines who is trusted for a given purpose.

T F 4.External devices such as firewalls cannot provide access control services.

Access control is the central element of computer security.

A constraint is a defined relationship among roles or a condition related to
roles.

A user may belong to multiple groups.

Security labels indicate which system entities are eligible to access certain
resources.

Any program that is owned by,and SetUID to,the "superuser" potentially
grants unrestricted access to the system to any user executing that program.

An ABAC model can define authorizations that express conditions on
properties of both the resource and the subject.

Traditional RBAC systems define the access rights of individual users and
groups of users.

The default set of rights should always follow the rule of least privilege or
read-only access

The principal objectives of computer security are to prevent
unauthorized users from gaining access to resources,to prevent legitimate users from accessing resources in an unauthorized manner,and to enable legitimate users to access resources in an authorized manner.

Reliable input is an access control requirement.

An access right describes the way in which a subject may access an object.

The __________ user ID is exempt from the usual file access control constraints and has system wide access.

Role hierarchies make use of the concept of __________ to enable one role to implicitly include access rights associated with a subordinate role.

A __________ is a mapping between a user and an activated subset of the set of roles to which the user is assigned.

The basic elements of access control are: subject,__________,and access right.

X.800 defines __________ as the prevention of unauthorized use of a resource,
including the prevention of use of a resource in an unauthorized manner.

Basic access control systems typically define three classes of subject: owner,__________ and world.

__________ access control controls access based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles.

__________ access control controls access based on the identity of the requestor and on access rules stating what requestors are or are not allowed to do.

A __________ access control scheme is one in which an entity may be granted access rights that permit the entity,by its own volition,to enable another entity to access some resource.

An independent review and examination of system records and activities in order to test for adequacy of system controls,to ensure compliance with established policy and operational procedures,to detect breaches in security,and to recommend any indicated changes in control,policy and procedures is a(n)__________ .

A __________ dictates that a user can only be assigned to a particular role if it is already assigned to some other specified role and can be used to structure the implementation of the least privilege concept.

In digital identity systems,a __________ functions as a certification program.

The three types of attributes in the ABAC model are subject attributes,object attributes,and _________ attributes.

A __________ is an object or data structure that authoritatively binds an identity to a token possessed and controlled by a subscriber.

There are three key elements to an ABAC model: attributes which are defined for entities in a configuration;a policy model,which defines the ABAC policies;and the __________ model,which applies to policies that enforce access control.