Access Control Models and Permissions | SSCP Exam Preparation

Subjects and Objects in Access Control Models | SSCP Exam


Question

In which of the following models are subjects and objects identified, and the permissions applied to each subject/object combination specified? Such a model can be used to quickly summarize what permissions a subject has for various system objects.

Answers

Explanations


A. B. C. D.

A.

An access control matrix is a table of subjects and objects indicating what actions individual subjects can take upon individual objects.

Matrices are data structures that programmers implement as table lookups that will be used and enforced by the operating system.

This type of access control is usually an attribute of DAC models.

The access rights can be assigned directly to the subjects (capabilities) or to the objects (ACLs).

Capability Table - A capability table specifies the access rights a certain subject possesses pertaining to specific objects.

A capability table is different from an ACL because the subject is bound to the capability table, whereas the object is bound to the ACL.

Access Control Lists (ACLs) - ACLs are used in several operating systems, applications, and router configurations.

They are lists of subjects that are authorized to access a specific object, and they define what level of authorization is granted.

Authorization can be specific to an individual, group, or role.

ACLs map values from the access control matrix to the object.

Whereas a capability corresponds to a row in the access control matrix, the ACL corresponds to a column of the matrix.
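The row/column relationship described above, as an added example that is not part of the original explanation. The subjects, objects, rights and function names are constructed for illustration. It stores a sparse matrix, derives a capability table (row) and an ACL (column) from it, and checks that both views give the same decision as the matrix, with missing cells denied.

```python
# Added illustration; all subjects, objects and rights are constructed sample data.

# Sparse access control matrix: (subject, object) -> set of rights.
# A missing cell means no access (default deny).
MATRIX = {
    ("alice", "payroll.db"): {"read", "write"},
    ("alice", "report.txt"): {"read"},
    ("bob", "report.txt"): {"read", "write"},
    ("backup_svc", "payroll.db"): {"read"},
}


def capability_table(matrix, subject):
    """Row of the matrix: the objects this subject may access, bound to the subject."""
    return {obj: set(rights) for (subj, obj), rights in matrix.items()
            if subj == subject and rights}


def acl(matrix, obj):
    """Column of the matrix: the subjects allowed on this object, bound to the object."""
    return {subj: set(rights) for (subj, o), rights in matrix.items()
            if o == obj and rights}


def is_allowed(matrix, subject, obj, right):
    """Reference decision taken from the full matrix; unknown cells deny."""
    return right in matrix.get((subject, obj), set())


def allowed_via_capability(matrix, subject, obj, right):
    """Decision taken from the subject's row only."""
    return right in capability_table(matrix, subject).get(obj, set())


def allowed_via_acl(matrix, subject, obj, right):
    """Decision taken from the object's column only."""
    return right in acl(matrix, obj).get(subject, set())


def views_agree(matrix):
    """True if row view, column view and matrix agree for every possible cell."""
    subjects = {s for s, _ in matrix}
    objects = {o for _, o in matrix}
    rights = set().union(*matrix.values())
    return all(
        is_allowed(matrix, s, o, r)
        == allowed_via_capability(matrix, s, o, r)
        == allowed_via_acl(matrix, s, o, r)
        for s in subjects for o in objects for r in rights
    )
```

`capability_table(MATRIX, "alice")` answers "what can this subject do?", while `acl(MATRIX, "payroll.db")` answers "who can touch this object?".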

NOTE: Ensure you are familiar with the terms Capability and ACLs for the purpose of the exam.

Resource(s) used for this question:

Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (Kindle Locations 5264-5267). McGraw-Hill. Kindle Edition.

or Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition, Page 229

and Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 1923-1925). Auerbach Publications. Kindle Edition.

The model described in the question is the Access Control Matrix model, which is used to control access to system resources.

In this model, subjects (users, processes, or devices that request access to system resources) and objects (system resources such as files, directories, or devices) are identified and the permissions or rights that each subject has for each object are specified. These permissions are typically expressed in terms of read, write, execute, and delete access.

The matrix is typically represented as a table with rows representing subjects and columns representing objects. Each entry in the table specifies the access rights that a subject has for an object. For example, an entry may indicate that User A has read and write access to File B.

The Access Control Matrix model provides a quick summary of the permissions that a subject has for various system objects. This allows administrators to easily identify who has access to what resources, and to modify permissions as needed. However, it can also be complex to manage, especially in large systems with many users and resources.

The other models listed in the answers are also used in security, but they have different purposes and characteristics:

  • The Take-Grant model is a security model that focuses on the propagation of privileges or access rights between subjects and objects.

  • The Bell-LaPadula model is a security model that enforces confidentiality, ensuring that information is only accessible by those with the proper clearance.

  • The Biba model is a security model that enforces integrity, ensuring that information is only modified by those with the proper authorization.