[CCCure CISSP] Qs2 Access Control: cccure QuizEngn doubts

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[CCCure CISSP] Qs2 Access Control: cccure QuizEngn doubts

Amlan Deb
 
Hello everyone,
 
I have some doubts regarding some cccure Quiz questions and concepts mentioned below. Would really appreciate it if you could take out some time and help me with them. Request you to please provide a quick reply as I need to appear for the exam in the month of July.
 
Thanks,
Amlan
 

Doubt#2
========

(This one involves 2 questions and explanations which are mentioned below)

 

155. 

1.     Question: 977 | Difficulty: 4/5 | Relevancy: 3/3

Which access control model would a lattice-based access control model be an example of?

o     Mandatory access control.

o      Discretionary access control.

o      Non-discretionary access control.

o      Rule-based access control.

You did not provide any answer to this question. Please review details below.

The correct answer is: Mandatory access control.

In a lattice model, there are pairs of elements that have the least upper bound of values and greatest lower bound of values. In a Mandatory Access Control (MAC) model, users and data owners do not have as much freedom to determine who can access files.

TIPS FROM CLEMENT

This topic has been greatly discussed in my classes and on the www.cccure.org forums.

Mandatory Access Control is in place whenever you have permissions that are being imposed on the subject and the subject cannot arbitrarily change them. When the subject/owner of the file can change permissions at will, it is discretionary access control.

Here is a breakdown largely based on explanations provided by Doug Landoll (see forum archive on www.cccure.org). I am reproducing below using my own word and not exactly how Doug explained it:

FIRST: The Lattice

A lattice is simply an access control tool usually used to implement Mandatory Access Control (MAC) and it could also be used to implement RBAC but this is not as common.  The lattice model can be used for Integrity level or file permissions as well.   The lattice  has a least upper bound and greatest lower bound. It makes use of pair of elements such as the subject security clearance pairing with the object sensitivity label.

SECOND: DAC (Discretionary Access Control)

Let's get into Discretionary Access Control: It is an access control method where the owner (read the creator of the object) will decide who has access at his own discretion.  As we all know, users are sometimes insane. They will share their files with other users based on their identity but nothing prevent the user from further sharing it with other users on the network. Very quickly you loose control on the flow of information and who has access to what. It is used in small and friendly environment where a low level of security is all that is required.

THIRD: MAC (Mandatory Access Control)

All of the following are forms of Mandatory Access Control:

Mandatory Access control (MAC) (Implemented using the lattice)

You must remember that MAC makes use of Security Clearance for the subject and also Labels will be assigned to the objects.  The clearance of the Subject must dominate (be equal or higher) the clearance of the Object being accessed.  The label attached to the object will indicate the sensitivity leval and the categories the object belongs to.  The categories are used to implement the Need to Know.

All of the following are forms of Non Discretionary Access Control:

Role Based Access Control (RBAC)

Rule Based Access Control (Think Firewall in this case)

The official ISC2 book says that RBAC (synonymous with Non Discretionary Access Control) is a form of DAC but they are simply wrong. RBAC is a form of Non Discretionary Access Control.  Non Discretionary DOES NOT equal mandatory access control as there is no labels and clearance involved.

I hope this clarifies the whole drama related to what is what in the world of access control.

In the same line of taught, you should be familiar with the difference between Explicit permission (the user has his own profile) versus Implicit (the user inherit permissions by being a member of a role for example).

The following answers are incorrect:

Discretionary access control. Is incorrect because in a Discretionary Access Control (DAC) model, access is restricted based on the authorization granted to the users. It is identity based access control only. It does not make use of a lattice.

Non-discretionary access control. Is incorrect because Non-discretionary Access Control (NDAC) uses the  role-based access control method to determine access rights and permissions. It is often times used as a synonym to RBAC which is Role Based Access Control. The user inherit permission from the role when they are assigned into the role. This type of access could make use of a lattice but could also be implemented without the use of a lattice in some case.  Mandatory Access Control was a better choice than this one, but RBAC could also make use of a lattice. The BEST answer was MAC.

Rule-based access control. Is incorrect because it is an example of a Non-discretionary Access Control (NDAC) access control mode.   You have rules that are globally applied to all users. There is no such thing as a lattice being use in Rule-Based Access Control.

References:

AIOv3 Access Control (pages 161 - 168)

AIOv3 Security Models and Architecture (pages 291 - 293)

Last modified 08/24/2007 - J. Hajec
Thanks to Robert Caruso for suggesting improvements to this question.
Thanks to Mark Norred for suggestion improvements to this question as well.

Contributor: Christian Vezina

Covered topic: <A title="Lattice-based access control - A type of non-discretionary access control that provides an upper bound and lower bound of access capabilities for every subject and object relationship." href="javascript:void(0)">Lattice-based access control

 

157. 

1.     Question: 979 | Difficulty: 5/5 | Relevancy: 3/3

Which of the following would be used to implement Mandatory Access Control (MAC)?

o      Rule-Based Access Control

o      Role-based access control

o     Lattice-based access control

o      User dictated access control

You did not provide any answer to this question. Please review details below.

The correct answer is:  The lattice is a mechanism use to implement Mandatory Access Control (MAC)

Under Mandatory Access Control (MAC) you have:
Mandatory Access Control

Under  Non Discretionary Access Control (NDAC) you have:
Rule-Based Access Control (official book says it is DAC but they are WRONG)
Role-Based Access Control

Under Discretionary Access Control (DAC) you have:
Discretionary Access Control

The Lattice Based Access Control is a type of access control used to implement other access control method.  A lattice is an ordered list of elements that has a least upper bound and a most lower bound.   The lattice can be used for MAC, DAC, Integrity level, File Permission, and more

For example in the case of MAC, if we look at common government classifications, we have the following:

TOP SECRET
SECRET -----------------------I am the user at secret
CONFIDENTIAL
SENSITIVE BUT UNCLASSIFIED
UNCLASSIFIED

If you look at the diagram above where I am a user at SECRET it means that I can access document at lower classification but not document at TOP SECRET.  The lattice is a list of ORDERED ELEMENT, in this case the ordered elements are classification levels.  My least upper bound is SECRET and my most lower bound is UNCLASSIFIED.

However the lattice could also be used for Integrity Levels such as:

VERY HIGH
HIGH
MEDIUM   ----------I am a user, process, application at the medium level
LOW
VERY LOW

In the case of of Integrity levels you have to think about TRUST.  Of course if I take for example the the VISTA operating system which is based on Biba then Integrity Levels would be used.  As a user having access to the system I cannot tell a process running with administrative privilege what to do.  Else any users on the system could take control of the system by getting highly privilege process to do things on their behalf.  So no read down would be allowed in this case and this is an example of the Biba model. 

Last but not least the lattice could be use for file permissions:

RWX
RW  ---------User at this level
R

If I am a user with READ and WRITE (RW) access privilege then I cannot execute the file because I do not have execute permission which is the X under linux and UNIX.

Many people confuse the Lattice Model and many books says MAC = LATTICE,   however the lattice can be use for other purposes.

References:

There is a great article on technet that talks about the lattice in VISTA:

http://blogs.technet.com/b/steriley/archive/2006/07/21/442870.aspx

also see:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 33).

and

http://www.microsoft-watch.com/content/vista/gaging_vistas_integrity.html

Thanks to Michelle Staus for sending feedback on this question
Thanks to Patrick McNeil for sending feedback to improve this question
Thanks to Kwok-Ping Sam for sending feedback to improve this question.

Comment:

There is also Role Based Access Control (RBAC) that exists out there.   It COULD be used to simulate MAC but it is not MAC as it does not make use of Label on objects indicating sensitivity and categories.  MAC also require a clearance that dominates the object. 

You can get more info about RBAC at:http://csrc.nist.gov/groups/SNS/rbac/faq.html#03

Also note that many book uses the same acronym for Role Based Access Control and Rule Based Access Control which is RBAC,  this can be confusing.

The proper way of writing the acronym for Rule Based Access Control is RuBAC, unfortunately it is not commonly used.

Contributor: Christian Vezina

Covered topic: <A title="Non-discretionary access control - An access control model where a central authority determines what subjects can have access to certain objects based on the organizational security policy." href="javascript:void(0)">Non-discretionary access control

 

 

My doubt: Looking at the lines highlighted in red in Qs.155:

 

A lattice is simply an access control tool usually used to implement Mandatory Access Control (MAC) and it could also be used to implement RBAC but this is not as common.  The lattice model can be used for Integrity level or file permissions as well.  

 

and in Qs.157:

 

The lattice can be used for MAC, DAC, Integrity level, File Permission, and more.

It seems that the Lattice Model can be used for MAC, DAC and RBAC. Then why are we only selecting MAC as the answer in both the questions? Is it because MAC is the most common implementation for the Lattice Model and therefore the best answer?

 

_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org