Which of the following access control models requires defining classification for objects?
A. B. C. D.D.
With mandatory access control (MAC), the authorization of a subject's access to an object is dependent upon labels, which indicate the subject's clearance and the classification of objects.
The following answers were incorrect: Identity-based Access Control is a type of Discretionary Access Control (DAC); they are synonymous.
Role Based Access Control (RBAC) and Rule Based Access Control (RuBAC or RBAC) are types of Non Discretionary Access Control (NDAC).
Tip: When you have two answers that are synonymous, they are not the right choice for sure.
There is only one access control model that makes use of labels, clearances, and categories: Mandatory Access Control. None of the other models makes use of those items.
Reference(s) used for this question: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 33).
Access control models are used to restrict access to resources and data based on defined policies. Each model has its own features and works in a specific way.
Out of the given options, the access control model that requires defining classification for objects is the Mandatory Access Control (MAC) model, which is represented by option D.
Mandatory access control (MAC) is a type of access control model where the system administrator defines a set of security labels for resources and users. The security labels determine the sensitivity and classification of the resources and users.
In the MAC model, the system administrator is responsible for classifying objects into specific levels, such as "confidential," "top-secret," "public," etc. Access to resources is then granted or denied based on the user's clearance level and the resource's classification level.
This model is commonly used in environments with high-security requirements, such as government agencies and military installations.
On the other hand, Role-based access control (RBAC) is an access control model that assigns permissions based on predefined roles that users perform. Discretionary access control (DAC) grants permission to the owner of a resource to control access. Identity-based access control (IBAC) assigns permissions based on user identity.
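The difference between a label-based MAC decision and an owner-controlled DAC decision can be seen side by side in the following added example, which is not part of the original question or its reference. It assumes a read rule in which the subject's clearance must be at least the object's classification and cover all of its categories; the ordering of the levels, the user names, the category names and the object are constructed for illustration.

```python
from dataclasses import dataclass, field

# Assumed ordering of the levels; the page names them but does not rank them.
LEVELS = {"public": 0, "confidential": 1, "top-secret": 2}

@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other):
        """True if this level is at least other's and every category of other is held."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

@dataclass
class Obj:
    name: str
    owner: str
    label: Label                           # classification, set by the administrator
    acl: set = field(default_factory=set)  # DAC grants, set by the owner

def dac_can_read(user, obj):
    # DAC: the owner decides who gets access; no classification is consulted.
    return user == obj.owner or user in obj.acl

def mac_can_read(clearances, user, obj):
    # MAC: only the labels matter; the owner's ACL is never consulted.
    clearance = clearances.get(user, Label("public"))  # unknown users get the lowest label
    return clearance.dominates(obj.label)

# Constructed sample data (hypothetical users and categories).
CLEARANCES = {
    "alice": Label("top-secret", frozenset({"crypto"})),
    "bob": Label("confidential", frozenset({"crypto"})),
    "carol": Label("top-secret", frozenset({"hr"})),
    "erin": Label("top-secret", frozenset({"crypto", "hr"})),
}
REPORT = Obj("key-rotation-plan", "alice",
             Label("top-secret", frozenset({"crypto"})), acl={"bob"})

def decisions(user):
    return {"dac": dac_can_read(user, REPORT),
            "mac": mac_can_read(CLEARANCES, user, REPORT)}

if __name__ == "__main__":
    for u in ("alice", "bob", "carol", "dave", "erin"):
        print(u, decisions(u))
```

Bob is on the owner's ACL but his clearance is too low, and Carol has the right level but lacks the object's category, so the MAC check denies both; without a classification on the object, that check would have nothing to evaluate.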
To summarize, the access control model that requires defining classification for objects is the Mandatory Access Control (MAC) model.