Question
Consider the ordered detailed access control list below. Give the end results and the steps taken in deciding the following requests made to the operating system:
A) Stephan is in Group A and Group B and seeks to write to the object
B) Linda is in Group B and seeks to execute the object
C) Joe is in Group A and seeks to read the object
D) Chris is in Group C and seeks to read the object
Explanation / Answer
DACL (discretionary access control list):
This identifies the authorized or trusted people in order to grant or deny access to the securable object.
This contains the ACEs, that is, access control entries; depending on the ACEs, permissions are given on the object for the respective operations, allowing or denying access to the object.
If the DACL does not contain any ACEs, then access to the object is blocked, so that no one gets permission to access it.
If the DACL is absent, permission to access the object is given to everyone (group or individual).
If the DACL is present and ACEs are also present, then the permissions given in each individual ACE determine whether access to the object is allowed or denied.
In general, the system checks until it finds one or more ACEs that allow all of the requested access rights, or until any of the requested access rights is denied.
Each ACE is checked by the system in sequence until at least one of the following events occurs:
An access-denied ACE explicitly denies any of the requested access rights to one of the trustees listed in the thread's access token.
One or more access-allowed ACEs for trustees listed in the thread's access token explicitly grant all of the requested access rights.
All ACEs have been checked and there is still at least one requested access right that has not been explicitly allowed for the trustees, in which case the system implicitly denies access.
a)
According to the sequential order of the ACEs, Stephan is denied by the first ACE, irrespective of Group A and Group B.
Hence, the system does not check the rest of the ACEs.
b)
Linda is in Group B. The list is checked starting with the first ACE, followed by the second one. Neither of these ACEs is applicable to Linda.
Linda needs to execute, but only Write permissions are given.
Then it checks ACE4, where all rights are given to everyone; here also, only read permission is given.
So Linda cannot execute the object.
c)
Joe is in Group A. Since the group is denied by ACE2, the permissions are not given to Joe.
Joe also does not get any permission.
d)
Chris is in Group C. ACE1, ACE2 and ACE3 are not applicable to Group C.
Then it checks ACE4, which contains permission to read the object. Hence, Chris gets the right to read the object.
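The sequential check described in the answer, as an added example that is not part of the original answer: a simplified Python model of ordered ACE evaluation, covering explicit deny, explicit allow, implicit deny, and the absent-versus-empty DACL cases. The right bits, trustee names and sample DACL are constructed for illustration and are not the list from the question.

```python
from dataclasses import dataclass
from typing import Optional

READ, WRITE, EXECUTE = 1, 2, 4   # access-right bits (constructed for this example)

@dataclass(frozen=True)
class Ace:
    kind: str      # "deny" or "allow"
    trustee: str   # user or group name
    mask: int      # rights this ACE denies or allows

def check_access(dacl: Optional[list], token: set, desired: int):
    """Return (granted, reason) for the desired rights against an ordered DACL."""
    if dacl is None:                      # DACL absent: access is given to everyone
        return True, "no DACL: full access"
    remaining = desired                   # requested rights not yet explicitly allowed
    for i, ace in enumerate(dacl, start=1):
        if ace.trustee not in token:      # ACE does not apply to this requester
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False, f"ACE{i} explicitly denies"   # stop, later ACEs are not read
        if ace.kind == "allow":
            remaining &= ~ace.mask
            if remaining == 0:            # every requested right is now allowed
                return True, f"all rights allowed by ACE{i}"
    # Also reached for an empty DACL: nothing was ever explicitly allowed.
    return False, "implicit deny: rights left unallowed"

# Constructed sample DACL (hypothetical trustees, not the list from the question).
SAMPLE_DACL = [
    Ace("deny",  "alice",    WRITE),
    Ace("allow", "editors",  READ | WRITE),
    Ace("allow", "Everyone", READ),
]

if __name__ == "__main__":
    requests = [
        ("alice writes",      {"alice", "editors", "Everyone"}, WRITE),
        ("bob reads+writes",  {"bob", "editors", "Everyone"},   READ | WRITE),
        ("carol reads",       {"carol", "Everyone"},            READ),
        ("carol executes",    {"carol", "Everyone"},            EXECUTE),
    ]
    for label, token, desired in requests:
        print(label, "->", check_access(SAMPLE_DACL, token, desired))
    # Order matters: with the same ACEs reversed, the allow is reached first.
    alice = {"alice", "editors", "Everyone"}
    print("reversed ->", check_access(SAMPLE_DACL[::-1], alice, WRITE))
```

Reversing the list changes the outcome for the same requester, which is why the question specifies an ordered list and why deny entries are normally placed ahead of allow entries.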