Access Control List (ACL)

Question

What can be defined as a list of subjects along with their access rights that are authorized to access a specific object?

Answers

Explanations

A. A capability table
B. An access control list
C. An access control matrix
D. A role-based matrix

B.

"It [ACL] specifies a list of users [subjects] who are allowed access to each object" CBK, p. 188

A capability table is incorrect.

"Capability tables are used to track, manage and apply controls based on the object and rights, or capabilities of a subject. For example, a table identifies the object, specifies access rights allowed for a subject, and permits access based on the user's possession of a capability (or ticket) for the object." CBK, pp. 191-192

The distinction that makes this an incorrect choice is that access is based on possession of a capability by the subject. To put it another way, as noted in AIO3 on p. 169, "A capability table is different from an ACL because the subject is bound to the capability table, whereas the object is bound to the ACL."

An access control matrix is incorrect.

The access control matrix is a way of describing the rules for an access control strategy. The matrix lists the users, groups and roles down the left side and the resources and functions across the top. The cells of the matrix can either indicate that access is allowed or indicate the type of access. CBK, pp. 317-318

AIO3, p. 169 describes it as a table of subjects and objects specifying the access rights a certain subject possesses pertaining to specific objects.

In either case, the matrix is a way of analyzing the access control needed by a population of subjects to a population of objects. This access control can be applied using rules, ACLs, capability tables, etc.
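The relationship described above, as an added Python example (not taken from the CBK, AIO3 or the original page): slicing one access control matrix by column yields per-object ACLs, and slicing it by row yields per-subject capability tables. All subject, object and right names, including the unknown subject `mallory` and unknown object `secrets.txt`, are constructed sample data.

```python
from itertools import product

# Constructed sample matrix: rows are subjects, columns are objects,
# each cell is the set of rights; a missing cell means no access.
MATRIX = {
    "alice": {"payroll.xlsx": {"read", "write"}, "printer1": {"print"}},
    "bob": {"payroll.xlsx": {"read"}},
    "backup_svc": {"payroll.xlsx": {"read"}, "audit.log": {"read"}},
}

def build_acls(matrix):
    """Slice the matrix by column: one list per object (bound to the object)."""
    acls = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            if rights:
                acls.setdefault(obj, {})[subject] = set(rights)
    return acls

def build_capabilities(matrix):
    """Slice the matrix by row: one table per subject (bound to the subject)."""
    return {s: {o: set(r) for o, r in row.items() if r}
            for s, row in matrix.items()}

def acl_allows(acls, subject, obj, right):
    """Look up the object's ACL, then the subject's entry; default deny."""
    return right in acls.get(obj, {}).get(subject, set())

def capability_allows(caps, subject, obj, right):
    """Look up the subject's table, then the object's entry; default deny."""
    return right in caps.get(subject, {}).get(obj, set())

def decisions_agree(matrix):
    """Both representations must give the same answer for every request."""
    acls, caps = build_acls(matrix), build_capabilities(matrix)
    subjects = list(matrix) + ["mallory"]       # constructed unknown subject
    objects = list(acls) + ["secrets.txt"]      # constructed unknown object
    rights = ["read", "write", "print"]
    return all(acl_allows(acls, s, o, r) == capability_allows(caps, s, o, r)
               for s, o, r in product(subjects, objects, rights))

if __name__ == "__main__":
    # "Who can access payroll.xlsx?" is a single lookup in the ACL view.
    print(sorted(build_acls(MATRIX)["payroll.xlsx"]))
    # "What can bob access?" is a single lookup in the capability view.
    print(build_capabilities(MATRIX)["bob"])
    print(decisions_agree(MATRIX))
```

The two views answer every access request identically; they differ in which audit question is a single lookup and which requires scanning every list.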

A role-based matrix is incorrect.

Again, a matrix of roles vs objects could be used as a tool for thinking about the access control to be applied to a set of objects. The results of the analysis could then be implemented using RBAC.

References: CBK, Domain 2: Access Control.

AIO3, Chapter 4: Access Control.

The correct answer is B, an access control list.

An access control list (ACL) is a list of subjects (users, groups, or processes) along with their corresponding access rights that are authorized to access a specific object (file, folder, or resource). It is essentially a set of permissions that determine what actions a subject can perform on an object.

Access control lists are commonly used in computer systems and networks to enforce security policies and restrict unauthorized access to sensitive data or resources. ACLs can be implemented at various levels, including file systems, network devices, applications, and databases.

The access control list can be implemented in two ways: discretionary access control (DAC) and mandatory access control (MAC). In DAC, the owner of an object has the authority to set permissions on that object, while in MAC, access control is enforced by the system itself based on a predefined security policy.

Other options in the question are:

A. A capability table: A capability table is a list of all the actions that a particular user or process is authorized to perform. It is commonly used in operating systems to manage resource allocation and access control.

C. An access control matrix: An access control matrix is a table that specifies the access rights of all subjects to all objects in a system. It is a more complex access control model than an access control list and is commonly used in high-security environments.

D. A role-based matrix: A role-based matrix is a type of access control model that assigns roles to subjects based on their job responsibilities or functions within an organization. Access control is then enforced based on the role assigned to the subject.