5. Access Control (DAC)

Question 1

What is authorization in access control?

Answer 1

Restricting the actions of authenticated users.

Question 2

How does authorization differ from authentication?

Answer 2

Authentication verifies identity; authorization checks permissions.

Question 3

Why is authorization more fine-grained than authentication?

Answer 3

Authentication is binary, while authorization defines multiple permission levels.

Question 4

Name the main access control models.

Answer 4

DAC, RBAC, ABAC, and MAC.

Question 5

What is Discretionary Access Control (DAC)?

Answer 5

A model where resource owners decide who can access resources and with what permissions.

Question 6

Who controls permissions in DAC?

Answer 6

The owner of the resource.

Question 7

What makes DAC ‘discretionary’?

Answer 7

Users can pass their access rights to others.

Question 8

Give an example of DAC.

Answer 8

File owners setting read/write permissions.

Question 9

What is a benefit of DAC flexibility?

Answer 9

Owners can set fine-grained permissions for objects.

Question 10

Why is DAC considered efficient?

Answer 10

Users can grant access quickly and easily.

Question 11

Why is DAC easy to manage?

Answer 11

Admins mainly assign privileges using ACLs.

Question 12

What is a major security weakness of DAC?

Answer 12

Users may grant overly broad or unsafe permissions.

Question 13

Why does DAC have low visibility?

Answer 13

Permissions are hard to monitor centrally.

Question 14

What is a maintenance problem in DAC?

Answer 14

Outdated ACLs may include ex-employees.

Question 15

What is an access control matrix (ACM)?

Answer 15

A table mapping subjects to objects and their permissions.

Question 16

What is a subject in ACM?

Answer 16

An entity that accesses resources (user or process).

Question 17

What is an object in ACM?

Answer 17

A system resource.

Question 18

What do rows represent in an ACM?

Answer 18

Subjects.

Question 19

What do columns represent in an ACM?

Answer 19

Objects.

Question 20

What is stored in each ACM cell?

Answer 20

Allowed permissions for a subject-object pair.

Question 21

What do r, w, x represent?

Answer 21

Read, Write, Execute.

Question 22

Why is a full ACM impractical?

Answer 22

It becomes too large to manage efficiently.

Question 23

What are the two main ACM representations?

Answer 23

ACLs and C-lists (capabilities).

Question 24

What is an Access Control List (ACL)?

Answer 24

A list of users and permissions for a specific object.

Question 25

How are ACLs derived from ACM?

Answer 25

By storing columns with each object.

Question 26

When is an ACL checked?

Answer 26

When an object is accessed.

Question 27

Give an example of ACL format.

Answer 27

(User, permission).

Question 28

What is a capability (C-list)?

Answer 28

A list of objects and permissions for a subject.

Question 29

How are C-lists derived from ACM?

Answer 29

By storing rows with each subject.

Question 30

When is a C-list checked?

Answer 30

When a subject requests access.

Question 31

Give an example of C-list format.

Answer 31

(Object, permission).

Question 32

What is the main difference between ACLs and C-lists?

Answer 32

ACLs map objects to users; C-lists map users to objects.

Question 33

Why is this ACL vs C-list difference important?

Answer 33

It affects how associations and security are managed.

Question 34

What is an advantage of capabilities?

Answer 34

User-resource associations are built into the system.

Question 35

Why are capabilities favored in research?

Answer 35

They offer security and management advantages.

Question 36

What is the purpose of splitting the ACM?

Answer 36

To improve authorization performance.

Question 37

How can ACM be split?

Answer 37

By columns (ACLs) or rows (C-lists).

Question 38

Why treat programs as subjects in ACM?

Answer 38

To restrict how data can be modified.

Question 39

What is the goal of restricting accounting data modification?

Answer 39

To prevent corruption using controlled software.

Question 40

Why can administrators bypass ACM protection?

Answer 40

They can replace trusted programs.

Question 41

What is the confused deputy problem?

Answer 41

A program misuses its privileges on behalf of another user.

Question 42

What causes the confused deputy problem?

Answer 42

Programs having more privileges than needed.

Question 43

How does ACM illustrate confused deputy?

Answer 43

A low-privilege user exploits a high-privilege program.

Question 44

How can access control help prevent confused deputy?

Answer 44

By separating and limiting privileges.