Types of Access Control

•Discretionary Access Control (DAC, IBAC)

–individual user sets access control mechanism to allow or deny access to an object

•Mandatory Access Control (MAC)

–system mechanism controls access to object, and individual cannot alter that access

•Originator Controlled Access Control (ORCON)

originator (creator) of information controls who can access information

Question

•Policy disallows cheating

–Includes copying homework, with or without permission

•CS class has students do homework on computer

•Anne forgets to read-protect her homework file

•Bill copies it

•Who cheated?

–Anne, Bill, or both?

Answer Part 1

•Bill cheated

–Policy forbids copying homework assignment

–Bill did it

–System entered unauthorized state (Bill having a copy of Anne’s assignment)

•If not explicit in computer security policy, certainly implicit

–Not credible that a unit of the university allows something that the university as a whole forbids, unless the unit explicitly says so

Answer Part 2

•Anne didn’t protect her homework

–Not required by security policy

•She didn’t breach security

•If policy said students had to read-protect homework files, then Anne did breach security

–She didn’t do this