Information Security Chapter 4
X.800 defines __________ as the prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner
Access Control
__________ implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance
Access Control
__________ functions provide the capability to create, delete, and maintain RBAC elements and relations
Administrative
An independent review and examination of system records and activities in order to test for adequacy of system controls, to ensure compliance with established policy and operational procedures, to detect breaches in security, and to recommend any indicated changes in control, policy and procedures is a(n) __________
Audit
__________ is verification that the credentials of a user or other system entity are valid
Authentication
_________ is the granting of a right or permission to a system entity to access a system resource
Authorization
__________ refers to setting a maximum number with respect to roles
Cardinality
__________ provide a means of adapting RBAC to the specifics of administrative and security policies in an organization
Constraints
__________ is the traditional method of implementing access control
DAC
_________ specifications limit the availability of the permissions by placing constraints on the roles that can be activated within or across a user's sessions
DSD
A __________ access control scheme is one in which an entity may be granted access rights that permit the entity, by its own volition, to enable another entity to access some resource
Discretionary
__________ access control controls access based on the identity of the requestor and on access rules stating what requestors are or are not allowed to do
Discretionary
Basic access control systems typically define three classes of subject: owner, __________ and world
Group
Role hierarchies make use of the concept of __________ to enable one role to implicitly include access rights associated with a subordinate role
Inheritance
__________ controls access based on comparing security labels with security clearances.
MAC
A concept that evolved out of requirements for military information security is ______
Mandatory Access Control
A(n) __________ is a resource to which access is controlled
Object
The basic elements of access control are: subject, __________, and access right
Object
An approval to perform an operation on one or more RBAC protected objects is _________
Permission
A __________ dictates that a user can only be assigned to a particular role if it is already assigned to some other specified role and can be used to structure the implementation of the least privilege concept
Prerequisite
__________ is based on the roles the users assume in a system rather than the user's identity
RBAC
A __________ is a named job function within the organization that controls this computer system.
Role
__________ access control controls access based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles
Role-Based
A __________ is a mapping between a user and an activated subset of the set of roles to which the user is assigned
Session
__________ Separation of Duty enables the definition of a set of mutually exclusive roles, such that if a user is assigned to one role in the set, the user may not be assigned to any other role in the set
Static
The final permission bit is the _________ bit
Sticky
A __________ is an entity capable of accessing objects
Subject
The __________ functions include the following: create a user session with a default set of active roles; add an active role to a session; delete a role from a session; and check if the session subject has permission to perform a request operation on an object
Supporting System
The NIST model defines two types of role hierarchies: general role hierarchies and ___________ hierarchies
limited
The __________ user ID is exempt from the usual file access control constraints and has system-wide access.
superuser
