You are implementing an authorization mechanism based on the state machine model to prevent privilege propagation and control information flow for confidentiality. Which of the following is the best mechanism to meet the security requirements? (Wentz QOTD)
A. Identity-based access control
B. Attribute-based access control
C. Role-based access control
D. Lattice-based access control
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is D. Lattice-based access control.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.
A lattice is an abstract structure studied in the mathematical subdisciplines of order theory and abstract algebra. It consists of a partially ordered set in which every pair of elements has a unique supremum (also called a least upper bound or join) and a unique infimum (also called a greatest lower bound or meet).
Source: Wikipedia
Discretionary access control (DAC) is an authorization mechanism that the data owner makes the authorization decision based on need-to-know and least privilege principles. Security administrators or data custodians implement the authorization decision on the system stored in a data structure called access control matrix based on identities of subjects (capability table) and objects (access control list). However, privileges granted per the DAC policy are subject to propagate to other subjects.
Mandatory access control (MAC) compensates for the weakness of DAC by matching labels of subjects and objects to control information flow based on the lattice theory.
Reference
您正在實施基於狀態機模型的授權機制,以防止特權傳播和控制信息流以確保機密性。 以下哪一項是滿足安全要求的最佳機制? (Wentz QOTD)
A. 基於身份的訪問控制
B. 基於屬性的訪問控制
C. 基於角色的訪問控制
D. 基於晶格(lattice)的訪問控制
Pingback: 基於晶格的存取控制(Lattice-based access control)授權機制,以防止特權傳播和控制信息流以確保機密性 – Choson資安大小事