Which access control model is best suited in an environment where a high security level is required and where it is desired that only the administrator grants access control?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
MAC provides high security by regulating access based on the clearance of individual users and sensitivity labels for each object.Clearance levels and sensitivity levels cannot be modified by individual users -- for example, user Joe (SECRET clearance) cannot reclassify the "Presidential Doughnut Recipe" from "SECRET" to "CONFIDENTIAL" so that his friend Jane (CONFIDENTIAL clearance) can read it.The administrator is ultimately responsible for configuring this protection in accordance with security policy and directives from the Data Owner.
DAC is incorrect.In DAC, the data owner is responsible for controlling access to the object.
Access control matrix is incorrect.The access control matrix is a way of thinking about the access control needed by a population of subjects to a population of objects.
This access control can be applied using rules, ACL's, capability tables, etc.
TACACS is incorrect.TACACS is a tool for performing user authentication.
References: CBK, p.
187, Domain 2: Access Control.
AIO3, Chapter 4, Access Control.
The access control model best suited in an environment where a high security level is required and where it is desired that only the administrator grants access control is MAC (Mandatory Access Control).
MAC is a strict access control model that uses labels to determine access to resources. Labels are assigned to both subjects (users, processes, etc.) and objects (files, directories, etc.), and access is granted or denied based on the labels assigned. The labels are typically assigned by a system administrator and cannot be changed by users.
In a MAC environment, access decisions are made based on the security level of the user and the security level of the resource. If a user has a lower security level than the resource they are trying to access, they will be denied access. This ensures that only users with the appropriate security clearance can access sensitive resources.
Unlike DAC (Discretionary Access Control), where the resource owner determines access control, and users can grant or revoke access to their resources, MAC is a centrally controlled access control model. In a MAC environment, only the administrator grants access control. This ensures that there is no possibility of users granting themselves unauthorized access.
Access Control Matrix is a model that depicts the permissions assigned to each subject for each object in a table. It is not a model itself. TACACS (Terminal Access Controller Access Control System) is a protocol used for authentication, authorization, and accounting (AAA) services.
Therefore, option B, MAC, is the correct answer for this scenario.