Which of the following options is an approach to restricting system access to authorized users?
A. DAC
B. MIC
C. RBAC
D. MAC
Explanation:
Role-based access control (RBAC) is an approach to restricting system access to authorized users. It is
a newer alternative approach to mandatory access control (MAC) and discretionary access control
(DAC). RBAC is sometimes referred to as role-based security. RBAC is a policy-neutral and flexible
access control technology sufficiently powerful to simulate DAC and MAC. Conversely, MAC can
simulate RBAC if the role graph is restricted to a tree rather than a partially ordered set.
Answer option A is incorrect. Discretionary access control (DAC) is a kind of access control defined by
the Trusted Computer System Evaluation Criteria as “a means of restricting access to objects based
on the identity of subjects and/or groups to which they belong. The controls are discretionary in the
sense that a subject with a certain access permission is capable of passing that permission on to any
other subject”.
Answer option D is incorrect. Mandatory access control (MAC) refers to a type of access control by
which the operating system constrains the ability of a subject or initiator to access or generally
perform some sort of operation on an object or target. In practice, a subject is usually a process or
thread; objects are constructs such as files, directories, TCP/UDP ports, shared memory segments,
etc. Subjects and objects each have a set of security attributes. Whenever a subject attempts to
access an object, an authorization rule enforced by the operating system kernel examines these
security attributes and decides whether the access can take place. Any operation by any subject on
any object will be tested against the set of authorization rules to determine if the operation is
allowed.
Answer option B is incorrect. Mandatory Integrity Control (MIC), also called Integrity Levels, is a core
security feature, introduced in Windows Vista and Windows Server 2008, which adds Integrity Levels
(IL) to processes running in a login session. This mechanism is able to selectively restrict the access
permissions of certain programs or software components which are considered to be potentially less
trustworthy, compared with other software running under the same user account which is more
trusted.
GSLC Course Manual, Contents. “Change Management”