Quiz on Access Control Models

Access is based on a centralized system administrator's decisions.

Users have full control over the resources they own.

Access rules are determined based on the organization's policies only.

Access control decisions are made dynamically by the system.

System Administrator

Operating System

Resource Owner

Security Manager

Security Labels

Role-Based Access Control

Access Control List (ACL)

Multi-Level Security (MLS)

Ownership of the file is transferred.

Access rights are delegated to the second user.

The system checks for security labels before sharing.

The file is automatically encrypted.

It is too restrictive for users.

It relies on centralized policies.

It allows the propagation of access rights, leading to potential misuse.

It does not allow users to share their resources.

File ownership

Group permissions

Access Control Matrix

Security Clearance Levels

File security labels

User and group permissions (rwx model)

Role-Based Access Control (RBAC)

Mandatory Integrity Control

The system administrator

The new owner

The operating system

The original owner retains control

A government system that classifies files as 'Secret' or 'Confidential.'

A university library system where users can share their book lists.

A corporate email system that restricts all emails based on organizational policy.

A healthcare database with predefined roles and permissions.

Files only

Groups only

Individual users or groups for specific objects

All users on a system