Take-Grant Model
The Take-Grant model employs a directed graph (Figure 8.2) to dictate how rights can be passed from one subject to another or from a subject to an object. Simply put, a subject with the grant right can grant another subject or another object any other right they possess. Likewise, a subject with the take right can take a right from another subject. In addition to these two primary rules, the Take-Grant model may adopt a create rule and a remove rule to generate or delete rights. The key to this model is that using these rules allows you to figure out when rights in the system can change and where leakage (that is, unintentional distribution of permissions) can occur.
Take rule: Allows a subject to take rights over an object
Grant rule: Allows a subject to grant rights to an object
Create rule: Allows a subject to create new rights
Remove rule: Allows a subject to remove rights it has
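The take and grant rules can be applied mechanically to find where rights leak. The following Python sketch is an added example, not part of the original text: it applies only the take and grant rules (not create or remove) to a constructed graph until no new rights appear. The subject and object names are assumptions chosen for illustration.

```python
from itertools import product

def take(edges, x, y, z, right):
    """Take rule: x holds 't' over y, and y holds `right` over z, so x takes it."""
    if "t" in edges.get((x, y), set()) and right in edges.get((y, z), set()):
        edges.setdefault((x, z), set()).add(right)
        return True
    return False

def grant(edges, x, y, z, right):
    """Grant rule: x holds 'g' over y and `right` over z, so x grants it to y."""
    if "g" in edges.get((x, y), set()) and right in edges.get((x, z), set()):
        edges.setdefault((y, z), set()).add(right)
        return True
    return False

def closure(edges, subjects):
    """Apply take and grant until nothing changes. Only subjects may act."""
    edges = {k: set(v) for k, v in edges.items()}   # work on a copy
    nodes = {n for pair in edges for n in pair}
    changed = True
    while changed:
        changed = False
        for x, y, z in product(subjects, nodes, nodes):
            if len({x, y, z}) < 3:                  # rules need three distinct nodes
                continue
            # (rule, node that holds the right now, node that would receive it)
            for rule, holder, target in ((take, y, x), (grant, x, y)):
                for right in list(edges.get((holder, z), ())):
                    if right not in edges.get((target, z), set()):
                        changed |= rule(edges, x, y, z, right)
    return edges

def leaks(before, after):
    """Rights present after closure that the initial graph did not contain."""
    return {(s, o, r) for (s, o), rs in after.items()
            for r in rs - before.get((s, o), set())}

# Constructed sample graph: (holder, target) -> rights on that edge.
SUBJECTS = {"ops", "dev", "contractor"}
INITIAL = {
    ("ops", "payroll.db"): {"r", "w"},   # ops may read and write the object
    ("dev", "ops"): {"t"},               # dev may take rights that ops holds
    ("dev", "contractor"): {"g"},        # dev may grant its rights to contractor
}

if __name__ == "__main__":
    for leak in sorted(leaks(INITIAL, closure(INITIAL, SUBJECTS))):
        print("leaked:", leak)
```

In this graph the contractor ends up with r,w on payroll.db and t over ops even though no initial edge gave it either; deleting the single g edge from dev to contractor limits the spread to dev.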
Access Control Matrix
An access control matrix is a table of subjects and objects that indicates the actions or functions that each subject can perform on each object. Each column of the matrix is an
access control list (ACL). Each row of the matrix is a capabilities list. An ACL is tied to the object; it lists valid actions each subject can perform. A capability list is tied to the subject; it lists valid actions that can be taken on each object. From an administration perspective, using only capability lists for access control is a management nightmare. A capability list method of access control can be accomplished by storing on each subject a list of rights the subject has for every object. This effectively gives each user a key ring of accesses and rights to objects within the security domain. To remove access to a particular object, every user (subject) that has access to it must be individually manipulated. Thus, managing access on each user account is much more difficult than managing access on each object (in other words, via ACLs).
Figure 8.2 The Take-Grant model’s directed graph (panels: Take, Grant)
Implementing an access control matrix model usually involves the following:
■ Constructing an environment that can create and manage lists of subjects and objects
■ Crafting a function that can return the type associated with whatever object is supplied to that function as input (this is important because an object’s type determines what kind of operations may be applied to it)
The access control matrix shown in Table 8.1 is for a discretionary access control system. A mandatory or rule-based matrix can be constructed simply by replacing the subject names with classifications or roles. Access control matrixes are used by systems to quickly determine whether the requested action by a subject for an object is authorized.