NIST IR 7298, Glossary of Key Information Security Terms, defines _________ as the process of granting or denying specific requests to: (1) obtain and use information and related information processing services; and (2) enter specific physical facilities.
RFC 4949, Internet Security Glossary, defines __________ as a process by which use of system resources is regulated according to a security policy and is permitted only by authorized entities (users, programs, processes, or other systems) according to that policy.
_________ is the central element of computer security.
(T/F) All of computer security is concerned with access control.
Measures that implement and assure security services in a computer system, particularly those that assure access control service.
Access Control Context:
Verification that the credentials of a user or other system entity are valid.
The granting of a right or permission to a system entity to access a system resource. This function determines who is trusted for a given purpose.
An independent review and examination of system records and activities in order to test for adequacy of system controls, to ensure compliance with established policy and operational procedures, to detect breaches in security, and to recommend any indicated changes in control, policy and procedures.
mediates between a user and system resources, such as applications, operating systems, firewalls, routers, files, and databases.
access control mechanism
maintains an authorization database that specifies what type of access to which resources is allowed for this user.
Access Control Policies:
Discretionary access control (DAC)
Mandatory access control (MAC)
Role-based access control (RBAC)
Attribute-based access control (ABAC)
Controls access based on the identity of the requestor and on access rules (authorizations) stating what requestors are (or are not) allowed to do.
Discretionary access control (DAC)
The policy is termed ________ because an entity might have access rights that permit the entity, by its own volition, to enable another entity to access some resource.
Controls access based on comparing security labels (which indicate how sensitive or critical system resources are) with security clearances (which indicate which system entities are eligible to access certain resources).
Mandatory access control (MAC)
The policy is termed ________ because an entity that has clearance to access a resource may not, just by its own volition, enable another entity to access that resource.
Controls access based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles.
Role-based access control (RBAC)
Controls access based on attributes of the user, the resource to be accessed, and current environmental conditions.
Attribute-based access control (ABAC)
An ________, which can be embodied in an authorization database, dictates what types of access are permitted, under what circumstances, and by whom.
access control policy
_______ is the traditional method of implementing access control.
______ is a concept that evolved out of requirements for military information security and is best covered in the context of trusted systems.
The basic elements of access control are:
subject, object, and access right
A ________ is an entity capable of accessing objects. Generally, the concept of subject equates with that of process.
This may be the creator of a resource, such as a file.
In addition to the privileges assigned to an owner, a named group of users may also be granted access rights, such that membership in the group is sufficient to exercise these access rights.
The least amount of access is granted to users who are able to access the system but are not included in the categories owner and group for this resource.
An ________ is a resource to which access is controlled. In general, an object is an entity used to contain and/or receive information.
An _________ describes the way in which a subject may access an object.
Access right includes:
Read, Write, Execute, Delete, Create, Search
A general approach to DAC, as exercised by an operating system or a database management system, is that of an _________.
An _________ is usually sparse and is implemented by decomposition in one of two ways.
_________ lists users and their permitted access rights.
access control lists (ACLs)
A _________ specifies authorized objects and operations for a particular user.
(T/F) With capability lists it is easy to determine the set of access rights that a given user has, but more difficult to determine the list of users with specific access rights for a specific resource; an ACL has the opposite property.
An ________ contains one row for one access right of one subject to one resource.
Sorting or accessing the table by _______ is equivalent to a capability list. Sorting or accessing the table by ________ is equivalent to an ACL.
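The decomposition described above, as an added worked example that is not part of the original page: a small sparse access matrix is split into ACLs (one list per object), capability lists (one list per subject) and an authorization table (one row per right), and the same question is asked of each structure to show which one answers it cheaply. The subjects, objects and rights are constructed sample data.

```python
# Added example, not from the original page: decomposing an access matrix.
# Subjects, objects and rights below are constructed sample data.
from collections import defaultdict

# Access matrix as a dict: (subject, object) -> set of rights.  It is sparse:
# absent cells mean "no access", which is why real systems store ACLs or
# capability lists instead of the whole matrix.
MATRIX = {
    ("alice", "file1"): {"read", "write"},
    ("alice", "file3"): {"read"},
    ("bob",   "file1"): {"read"},
    ("bob",   "file2"): {"read", "write", "execute"},
    ("carol", "file3"): {"read", "write"},
}

def check(matrix, subject, obj, right):
    """The reference-monitor decision: is the right present in the matrix cell?"""
    return right in matrix.get((subject, obj), set())

def acls(matrix):
    """Decompose by column: for each object, the subjects and their rights."""
    out = defaultdict(dict)
    for (s, o), rights in matrix.items():
        out[o][s] = set(rights)
    return dict(out)

def capability_lists(matrix):
    """Decompose by row: for each subject, the objects and the rights held."""
    out = defaultdict(dict)
    for (s, o), rights in matrix.items():
        out[s][o] = set(rights)
    return dict(out)

def authorization_table(matrix):
    """One row per (subject, object, right) triple."""
    return sorted((s, o, r) for (s, o), rights in matrix.items() for r in rights)

def table_by_subject(table):
    """Grouping the authorization table by subject yields the capability lists."""
    out = defaultdict(lambda: defaultdict(set))
    for s, o, r in table:
        out[s][o].add(r)
    return {s: dict(objs) for s, objs in out.items()}

def table_by_object(table):
    """Grouping the authorization table by object yields the ACLs."""
    out = defaultdict(lambda: defaultdict(set))
    for s, o, r in table:
        out[o][s].add(r)
    return {o: dict(subs) for o, subs in out.items()}

def users_with_right(acl_store, obj, right):
    """Cheap with ACLs: a single lookup on the object's list."""
    return sorted(s for s, rights in acl_store.get(obj, {}).items() if right in rights)

def rights_of_user(cap_store, subject):
    """Cheap with capability lists: a single lookup on the subject's list."""
    return {o: sorted(r) for o, r in cap_store.get(subject, {}).items()}

def users_with_right_via_caps(cap_store, obj, right):
    """The same question asked of capability lists must scan every subject."""
    return sorted(s for s, caps in cap_store.items() if right in caps.get(obj, set()))
```

`users_with_right` and `users_with_right_via_caps` return the same answer; the difference is that the ACL form touches one list while the capability form walks every subject's list, which is exactly the trade-off the two decompositions make.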
assumes a set of subjects, a set of objects, and a set of rules that govern the access of subjects to objects.
Access Control Model
Access rights include the ability to delete a process, stop (block), and wake up a process.
Access rights include the ability to read/write the device, to control its operation (e.g., a disk seek), and to block/unblock the device for use.
Access rights include the ability to read/write certain regions of memory that are protected such that the default is to disallow access.
Memory locations or regions
Access rights with respect to a subject have to do with the ability to grant or delete access rights of that subject to other objects, as explained subsequently.
A ________ could be defined, which results in the transferred right being added to the target subject and deleted from the transferring subject.
The ability of one subject to create another subject and to have ______ access right to that subject can be used to define a hierarchy of subjects.
A _______ is a set of objects together with access rights to those objects.
(T/F) A more general concept of protection domain provides more flexibility.
A user program executes in a _________, in which certain areas of memory are protected from the user’s use and in which certain instructions may not be executed.
When the user process calls a system routine, that routine executes in a system mode, or what has come to be called _______, in which privileged instructions may be executed and in which protected areas of memory may be accessed.
An _________ is a control structure that contains the key information needed by the operating system for a particular file.
inode (index node)
A directory that is inside another directory is referred to as a _________.
A _________ is simply a file that contains a list of file names plus pointers to associated inodes.
The ________ is exempt from the usual file access control constraints and has systemwide access.
(T/F) A final point to note is that the traditional UNIX file access control scheme implements a simple protection domain structure. A domain is associated with the user, and switching the domain corresponds to changing the user ID temporarily.
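The owner/group/world scheme, the superuser exemption and the domain switch described above, as an added example that is not part of the original page: a Python function applies the traditional UNIX mode-bit check to constructed users and files. The users, groups, paths and mode bits are all made up for illustration; the rule that only one class (owner, then group, then world) is consulted, and that a set-user-ID program runs with its owner's UID, is the standard UNIX behaviour.

```python
# Added example, not from the original page: the traditional UNIX file access
# check written out in Python.  Users, groups and files are constructed data.
import stat

# Constructed users: name -> (uid, set of gids the user belongs to)
USERS = {
    "root":  (0, {0}),
    "alice": (1000, {1000, 100}),
    "bob":   (1001, {1001, 100}),
    "eve":   (1002, {1002}),
}

# Constructed files: path -> (owner uid, group gid, mode bits)
FILES = {
    # rw-r-----  owned by alice, group 100
    "/home/alice/notes.txt": (1000, 100, 0o640),
    # ---rw----  owner bits empty, group bits set: the edge case checked below
    "/srv/odd.txt":          (1000, 100, 0o060),
    # rwsr-xr-x  a set-user-ID program owned by root
    "/usr/bin/passwd":       (0, 0, 0o4755),
}

RIGHT_BIT = {"read": 0o4, "write": 0o2, "execute": 0o1}

def unix_permits(user, path, right, users=USERS, files=FILES):
    uid, gids = users[user]
    owner, group, mode = files[path]
    bit = RIGHT_BIT[right]
    if uid == 0:
        # The superuser is exempt from read/write checks; execute still needs
        # at least one execute bit somewhere in the mode.
        return right != "execute" or bool(mode & 0o111)
    # Exactly one class is consulted, chosen in the order owner, group, world.
    # An owner is judged by the owner bits alone, even when the group or world
    # bits would have allowed the access.
    if uid == owner:
        shift = 6
    elif group in gids:
        shift = 3
    else:
        shift = 0
    return bool((mode >> shift) & bit)

def effective_uid_after_exec(user, path, users=USERS, files=FILES):
    """Protection-domain switch: a set-user-ID program runs with its owner's uid."""
    uid, _ = users[user]
    owner, _, mode = files[path]
    return owner if mode & stat.S_ISUID else uid
```

The `/srv/odd.txt` case is the one worth remembering: alice owns the file and is also in group 100, but because she is the owner only the (empty) owner bits apply, so she is denied while bob, matched by the group bits, is allowed.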
________ allows the administrator to assign a list of UNIX user IDs and groups to a file by using the setfacl command.
(T/F) Traditional DAC systems define the access rights of individual users and groups of users. In contrast, RBAC is based on the roles that users assume in a system rather than the user’s identity.
provide a means of reflecting the hierarchical structure of roles in an organization.
make use of the concept of inheritance to enable one role to implicitly include access rights associated with a subordinate role.
provide a means of adapting RBAC to the specifics of administrative and security policies in an organization.
A ________ is a defined relationship among roles or a condition related to roles.
roles such that a user can be assigned to only one role in the set.
Mutually exclusive roles
refers to setting a maximum number with respect to roles.
A system might be able to specify a __________, which dictates that a user can only be assigned to a particular role if it is already assigned to some other specified role.
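The role hierarchy and the three constraint types above, as an added example that is not from the original page: a small RBAC model in Python in which senior roles inherit the permissions of junior roles, and assignments are rejected when they would violate a mutually exclusive set, a cardinality limit or a prerequisite role. The roles, permissions and users are constructed for illustration.

```python
# Added example, not from the original page: RBAC with a role hierarchy and
# constraints.  Roles, permissions and users are constructed sample data.
from collections import defaultdict

class ConstraintViolation(Exception):
    pass

class RBAC:
    def __init__(self):
        self.perms = defaultdict(set)        # role -> permissions granted directly
        self.junior = defaultdict(set)       # role -> junior roles it inherits from
        self.assignments = defaultdict(set)  # user -> roles held
        self.exclusive = []                  # sets of mutually exclusive roles
        self.cardinality = {}                # role -> maximum number of users
        self.prerequisite = {}               # role -> role that must already be held

    def add_role(self, role, permissions=(), junior=()):
        self.perms[role] |= set(permissions)
        self.junior[role] |= set(junior)

    def effective_permissions(self, role):
        """Walk down the hierarchy: a role includes every junior role's rights."""
        seen, stack, out = set(), [role], set()
        while stack:
            r = stack.pop()
            if r in seen:
                continue
            seen.add(r)
            out |= self.perms[r]
            stack.extend(self.junior[r])
        return out

    def assign(self, user, role):
        held = self.assignments[user]
        if role in held:
            return
        for ex in self.exclusive:
            if role in ex and held & ex:
                raise ConstraintViolation(f"{role} is mutually exclusive with {sorted(held & ex)}")
        need = self.prerequisite.get(role)
        if need and need not in held:
            raise ConstraintViolation(f"{role} requires {need} to be held first")
        limit = self.cardinality.get(role)
        if limit is not None and sum(role in rs for rs in self.assignments.values()) >= limit:
            raise ConstraintViolation(f"{role} already has its maximum of {limit} users")
        held.add(role)

    def permits(self, user, permission):
        return any(permission in self.effective_permissions(r) for r in self.assignments[user])

def assignment_rejected(model, user, role):
    """True if the assignment violates a constraint, False if it is accepted."""
    try:
        model.assign(user, role)
    except ConstraintViolation:
        return True
    return False

def build_sample():
    m = RBAC()
    m.add_role("employee", {"read_wiki"})
    m.add_role("engineer", {"commit_code"}, junior={"employee"})
    m.add_role("release_manager", {"sign_release"}, junior={"engineer"})
    m.add_role("auditor", {"read_audit_log"}, junior={"employee"})
    m.exclusive.append({"engineer", "auditor"})       # separation of duty
    m.cardinality["release_manager"] = 1              # at most one release manager
    m.prerequisite["release_manager"] = "engineer"    # must already be an engineer
    return m
```

Constraints are checked at assignment time rather than at access time, which is what makes them a tool for expressing organisational policy (separation of duty, a single release manager) rather than per-request rules.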
An _________ can define authorizations that express conditions on properties of both the resource and the subject.
There are three key elements to an ABAC model: _______, which are defined for entities in a configuration; a _________ which defines the ABAC policies; and the ___________, which applies to policies that enforce access control.
attributes, policy model, architecture model
characteristics that define specific aspects of the subject, object, environment conditions, and/or requested operations that are predefined and preassigned by an authority.
A subject is an active entity that causes information to flow among objects or changes the system state.
An object, also referred to as a resource, is a passive information system-related entity containing or receiving information.
These attributes have so far been largely ignored in most access control policies.
a logical access control model that is distinguishable because it controls access to objects by evaluating rules against the attributes of entities (subject and object), operations, and the environment relevant to a request.
(T/F) ABAC enables fine-grained access control, which allows for a higher number of discrete inputs into an access control decision, providing a bigger set of possible combinations of those variables to reflect a larger and more definitive set of possible rules, policies, or restrictions on access. Thus, ABAC allows an unlimited number of attributes to be combined to satisfy any access control rule.
In ABAC, the _________ is derived from many sources of which the object owner has no control, such as Subject Attribute Authorities, Policy Developers, and Credential Issuers.
root of trust
A _______ is a set of rules and relationships that govern allowable behavior within an organization, based on the privileges of subjects and how resources or objects are to be protected under which environment conditions.
represent the authorized behavior of a subject; they are defined by an authority and embodied in a policy.
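The ABAC evaluation described above, as an added example that is not part of the original page: a policy made of rules over subject, object and environment attributes is evaluated for a requested operation, with deny-overrides combining so that any matching deny rule wins. The attribute names, the rules, the users, the documents and the environment conditions are all constructed for illustration.

```python
# Added example, not from the original page: evaluating an ABAC policy.
# Attributes, rules, subjects, objects and environments are constructed data.
from datetime import time

# Each rule is a predicate over (subject, object, environment, operation).
# The policy pairs it with the effect it yields when the predicate matches.
def owner_full_access(s, o, env, op):
    return s["id"] == o["owner"]

def department_read(s, o, env, op):
    return (op == "read" and s["department"] == o["department"]
            and o["classification"] in ("public", "internal"))

def confidential_needs_clearance(s, o, env, op):
    # deny rule: confidential objects require a confidential clearance
    return o["classification"] == "confidential" and s["clearance"] != "confidential"

def no_offsite_writes_after_hours(s, o, env, op):
    # deny rule: writes from outside the corporate network only during business hours
    return (op == "write" and not env["corp_network"]
            and not (time(8, 0) <= env["time"] <= time(18, 0)))

POLICY = [
    ("deny",   confidential_needs_clearance),
    ("deny",   no_offsite_writes_after_hours),
    ("permit", owner_full_access),
    ("permit", department_read),
]

def evaluate(policy, subject, obj, env, operation):
    """Deny-overrides: any matching deny wins; otherwise any matching permit; otherwise deny."""
    decision = "deny"
    for effect, rule in policy:
        if rule(subject, obj, env, operation):
            if effect == "deny":
                return "deny"
            decision = "permit"
    return decision

# Constructed subjects, objects and environment conditions
ALICE = {"id": "alice", "department": "finance", "clearance": "internal"}
BOB   = {"id": "bob",   "department": "finance", "clearance": "confidential"}
REPORT = {"id": "q3-report", "owner": "bob",   "department": "finance", "classification": "confidential"}
MEMO   = {"id": "memo",      "owner": "carol", "department": "finance", "classification": "internal"}
OFFICE    = {"corp_network": True,  "time": time(10, 0)}
LATE_HOME = {"corp_network": False, "time": time(23, 0)}
```

Note that the object owner's attribute (`owner`) is only one input: the subject's clearance and the environment's network and time come from other authorities, which is why the page says the root of trust in ABAC is spread across sources the owner does not control.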
______ is a comprehensive approach to managing and implementing digital identities (and associated attributes), credentials, and access control. ICAM has been developed by the U.S. government, but is applicable not only to government agencies, but also may be deployed by enterprises looking for a unified approach to access control.
___________ is concerned with assigning attributes to a digital identity and connecting that digital identity to an individual or NPE.
A ____________ often comprises a set of attributes that, when aggregated, uniquely identify a user within a system or an enterprise.
A ________ is an object or data structure that authoritatively binds an identity (and optionally, additional attributes) to a token possessed and controlled by a subscriber.
___________ is the management of the life cycle of the credential.
The ___________ deals with the management and control of the ways entities are granted access to resources. It covers both logical and physical access, and may be internal to a system or an external element.
access management component
This element is concerned with defining rules for a resource that requires access control.
This element is concerned with establishing and maintaining the entitlement or privilege attributes that comprise an individual’s access profile.
This element governs what is allowable and unallowable in an access transaction.
________ is a term used to describe the technology, standards, policies, and processes that allow an organization to trust digital identities, identity attributes, and credentials created and issued by another organization.
The _____________ involves users developing arrangements with an identity service provider to procure digital identity and credentials, and arrangements with parties that provide end-user services and applications and that are willing to rely on the identity and credential information generated by the identity service provider.
exchange of identity information
The _________ requires that the user has been authenticated to some degree of assurance, that the attributes imputed to the user by the identity service provider are accurate, and that the identity service provider is authoritative for those attributes.
This is an open standard that allows users to be authenticated by certain cooperating sites (known as Relying Parties) using a third party service, eliminating the need for Webmasters to provide their own ad hoc systems and allowing users to consolidate their digital identities.
__________ is an international nonprofit organization of individuals and companies committed to enabling, promoting, and protecting OpenID technologies.
OIDF: The OpenID Foundation
________ is a nonprofit community of companies and individuals working together to evolve the Information Card ecosystem.
ICF: The Information Card Foundation
____________ is a standardized, open specification of a trust framework for identity and attribute exchange, developed jointly by OIDF and ICF.
OITF: The Open Identity Trust Framework
__________ is an independent, neutral, international provider of certification trust frameworks conforming to the Open Identity Trust Frameworks model.
OIX: The Open Identity Exchange Corporation
_________ is an online Internet-scale gateway for identity service providers and relying parties to efficiently access user-asserted, permissioned, and verified online identity attributes in high volumes at affordable costs.
AXN: Attribute Exchange Network
__________ functions as a certification program which enables a party who accepts a digital identity credential to trust the identity, security, and privacy policies of the party who issues the credential and vice versa.
Also called service providers, these are entities delivering services to specific users.
Relying parties (RPs)
These are users of an RP’s services, including customers, employees, trading partners, and subscribers.
__________ are entities acknowledged by the community of interest as being able to verify given attributes as presented by subjects and which are equipped through the AXN to create conformant attribute credentials according to the rules and agreements of the AXN.
Attribute providers (APs)
These are entities able to authenticate user credentials and to vouch for the names (or pseudonyms or handles) of subjects, and which are equipped through the AXN or some other compatible Identity and Access Management (IDAM) system to create digital identities that may be used to index user attributes.
Identity providers (IDPs)
Assessors evaluate identity service providers and RPs and certify that they are capable of following the OITF provider’s blueprint.
These entities may be called on to check that parties’ practices have been in line with what was agreed for the OITF.
These entities provide arbitration and dispute resolution under OIX guidelines.
________ is an organization that translates the requirements of policymakers into its own blueprint for a trust framework, which it then proceeds to build in a way that is consistent with the minimum requirements set out in the OITF specification.