7. Access Control (MAC)

Question 1

What is Mandatory Access Control (MAC)?

Answer 1

An access control model where the system enforces policies based on labels and clearances.

Question 2

How does MAC differ from DAC?

Answer 2

MAC is system-controlled; DAC is user-controlled.

Question 3

Where is MAC commonly used?

Answer 3

Government and military environments.

Question 4

What are sensitivity labels in MAC?

Answer 4

Classifications assigned to resources (e.g., Secret, Top Secret).

Question 5

What are security clearances in MAC?

Answer 5

Authorization levels assigned to users.

Question 6

When is access granted in MAC?

Answer 6

When clearance meets or exceeds sensitivity.

Question 7

What is centralized policy management in MAC?

Answer 7

Policies are managed and enforced by the system.

Question 8

What is a major advantage of MAC security?

Answer 8

Provides strong protection for sensitive data.

Question 9

Why does MAC support compliance?

Answer 9

It enforces strict standardized policies.

Question 10

What is a major disadvantage of MAC inflexibility?

Answer 10

Permissions are difficult to change dynamically.

Question 11

Why is MAC hard to administer?

Answer 11

Clearances and labels are complex to manage.

Question 12

Why is user autonomy limited in MAC?

Answer 12

Users cannot change permissions.

Question 13

What is the Bell-LaPadula (BLP) model?

Answer 13

A confidentiality-focused security model.

Question 14

What is the main goal of BLP?

Answer 14

Prevent unauthorized disclosure of information.

Question 15

What do security levels represent in BLP?

Answer 15

Data classification and user clearance.

Question 16

What is a subject in BLP?

Answer 16

An active entity (user or process).

Question 17

What is an object in BLP?

Answer 17

A passive data container.

Question 18

What is the Simple Security Property?

Answer 18

No Read Up (NRU).

Question 19

What does No Read Up mean?

Answer 19

Lower-level users cannot read higher-level data.

Question 20

What is the Star (*) Property in BLP?

Answer 20

No Write Down (NWD).

Question 21

What does No Write Down mean?

Answer 21

Higher-level users cannot write to lower-level data.

Question 22

Why does BLP prevent write down?

Answer 22

To stop data leakage to lower levels.

Question 23

What is the Discretionary Security Property (DSP)?

Answer 23

Allows limited DAC within MAC.

Question 24

What is a main advantage of BLP?

Answer 24

Strong confidentiality guarantees.

Question 25

Why is BLP good for hierarchical systems?

Answer 25

It matches military-style classifications.

Question 26

What is a major limitation of BLP?

Answer 26

It does not protect data integrity.

Question 27

Why is BLP unsuitable for dynamic systems?

Answer 27

Security levels are static.

Question 28

What is the Biba model?

Answer 28

An integrity-focused security model.

Question 29

What is the main goal of Biba?

Answer 29

Prevent unauthorized data modification.

Question 30

How does Biba differ from BLP?

Answer 30

Biba focuses on integrity; BLP on confidentiality.

Question 31

What are integrity levels in Biba?

Answer 31

Trust levels assigned to users and data.

Question 32

What is the Simple Integrity Property?

Answer 32

No Read Down (NRD).

Question 33

What does No Read Down mean in Biba?

Answer 33

High-integrity subjects cannot read low-integrity data.

Question 34

What is the Star Integrity Property?

Answer 34

No Write Up (NWU).

Question 35

What does No Write Up mean?

Answer 35

Low-integrity subjects cannot write to high-integrity data.

Question 36

Why does Biba prevent write up?

Answer 36

To prevent corruption of trusted data.

Question 37

What is the Invocation Property?

Answer 37

Low-integrity subjects cannot invoke high-integrity subjects.

Question 38

Why is invocation restricted?

Answer 38

To prevent contamination of trusted processes.

Question 39

What is an advantage of Biba?

Answer 39

Ensures data reliability.

Question 40

Where is Biba commonly used?

Answer 40

Financial and healthcare systems.

Question 41

What is a limitation of Biba confidentiality?

Answer 41

It does not protect secrecy.

Question 42

Why is Biba less flexible?

Answer 42

Strict integrity rules limit collaboration.

Question 43

What is the Chinese Wall model?

Answer 43

A model that prevents conflicts of interest.

Question 44

What problem does Chinese Wall address?

Answer 44

Conflicts of interest between clients.

Question 45

What are conflict of interest classes?

Answer 45

Groups of related sensitive data.

Question 46

What are the rules in Chinese Wall?

Answer 46

1. No Read Conflict (cannot read data from competing groups) 2. No Write Conflict (cannot write data from competing groups)

Question 47

How does Chinese Wall enforce separation?

Answer 47

By building barriers after initial access.

Question 48

What makes Chinese Wall dynamic?

Answer 48

Access depends on past actions.

Question 49

Where is Chinese Wall commonly used?

Answer 49

Finance, law, consulting.

Question 50

What is a main advantage of Chinese Wall?

Answer 50

Prevents unethical information sharing.

Question 51

What is a major limitation of Chinese Wall?

Answer 51

Complex to implement.

Question 52

Why can Chinese Wall reduce productivity?

Answer 52

It may block necessary access.

Question 53

Does Chinese Wall ensure confidentiality?

Answer 53

No, it focuses on conflict prevention.

Question 54

Does Chinese Wall ensure integrity?

Answer 54

No, it focuses on conflict prevention.