These flashcards cover key concepts from Modern Software Engineering regarding access control, including models like RBAC, DAC, MAC, the principles behind them, and modern practices in software security.
Access Control is used to __ who can access what resources.
Regulate
In Mandatory Access Control (MAC), the system decides who has __ to resources.
access
In Discretionary Access Control (DAC), users can determine which others can __ their resources.
access
The Bell-LaPadula model primarily focuses on __ in access control.
confidentiality
The Biba model is designed to ensure __ in access control.
integrity
RBAC stands for __ Based Access Control.
Role
In Role-Based Access Control (RBAC), permissions are assigned to __, which are then assigned to users.
roles
The principle of __ controls who can perform certain actions based on roles in an organization.
Role Hierarchy
Separation of Duty requires that critical operations are divided among __ subjects to prevent security risks.
multiple
Dynamic Separation of Duty (DSD) allows multiple roles assigned to the same user but __ cannot be activated in the same session.
cannot
NGAC is an extension of RBAC that incorporates __ obligations.
administrative
Attribute-Based Access Control (ABAC) grants access based on __ of the subject and object.
attributes
In XACML (eXtensible Access Control Markup Language), access decisions are made based on policy __ and rules.
targets
Zanzibar is a centralized authorization model developed by __.
Cedar is an open-source policy language created by __.
Amazon
OWASP identifies Broken Access Control as a top security __.
risk