Chapter 6 - 6.2.4

0.0(0)
studied byStudied by 0 people
linked notesView linked note
GameKnowt Play
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
Card Sorting

1/18

encourage image

There's no tags or description

Looks like no tags are added yet.

Study Analytics
Name
Mastery
Learn
Test
Matching
Spaced

No study sessions yet.

19 Terms

1
New cards

Multi-program execution

Machines that can run more than one program simultaneously, raising the need for protection mechanisms to prevent interference between programs.

2
New cards

Access controls

Security measures at the application level that enforce domain-specific policies, such as restricting bank staff from viewing account details without proper authentication.

3
New cards

Middleware

Software that acts as a bridge between applications and databases, enforcing protection properties for data access.

4
New cards

Android app isolation

The operating system treats apps from different companies as separate users, protecting their data from each other.

5
New cards

Discretionary Access Control (DAC)

A protection mechanism where access rights are determined by the machine operator.

6
New cards

Mandatory Access Control (MAC)

A protection mechanism controlled by the vendor, safeguarding the operating system from malware modifications.

7
New cards

Protection domain

A set of processes or threads that share access to the same resources, rather than focusing on individual programs.

8
New cards

Access control matrices

Tools for implementing and modeling protection mechanisms, but can become unwieldy in large organizations.

9
New cards

Groups vs

Groups are lists of principals, while roles are fixed sets of access permissions that can be assumed by principals.

10
New cards

Access Control List (ACL)

A method of storing access rights column-wise, commonly used in Unix systems for managing file security.

11
New cards

ACL advantages

Simple implementation and user-managed file security, widely adopted in Unix-based systems.

12
New cards

ACL disadvantages

Inefficient for runtime security checks and tedious for auditing user access across many files.

13
New cards

Unix file permissions

Files have read, write, and execute attributes for owner, group, and world, with root having unrestricted access.

14
New cards

Set-user-id (suid)

A file attribute allowing a program to run with the privileges of its owner, which can lead to security vulnerabilities if misused.

15
New cards

Stateful access rules

Rules that complicate user revocation and tracking of file access, especially after termination.

16
New cards

Capability-based protection

A system where rights can be delegated easily, improving runtime security checks compared to ACLs.

17
New cards

IBM AS/400

A system that popularized capability-based protection in the mainstream computing market.

18
New cards

Public key certificates

Cryptographic tools that function as capabilities, allowing secure access delegation.

19
New cards

Trust relationships

The alignment of system trust with real-world trust dynamics to enhance security and reliability in access control.