Question

In: Computer Science

- What is the order of precedence between discretionary access check and Mandatory integrity check? Please...

- What is the order of precedence between discretionary access check and Mandatory integrity check? Please explain?

- Suppose kkk.exe running with low integrity downloads an executable from unknownsite.com. can the download executable write to %SystemRoot%\System32? Why or Why not?

Solutions

Expert Solution

Part 1: Access control models mainly deal with 3 types-

Discretionary Access Control (DAC)

Mandatroy Access Control or Manatory integrity check( MAC)

and a combination of these two access methods named as Lapadula access model.

In some cases only DAC is used and in others only MAC is used. But when need arises for extra secuirty and privacy, both the access methods are used together in a certain order of precendence as follows-

The Bell-LaPadula model implements a combination of DAC and MAC access controls, and is primarily concerned with the confidentiality of the resource in question. Generally, in cases where we see DAC and MAC implemented together, MAC takes precedence over DAC, and DAC works within the accesses allowed by the MAC permissions. For example, we might have a resource that is classified as secret and a user that has a secret level of clearance, normally allowing them to access the resource under the accesses allowed by MAC. However, we might also have an additional layer of DAC under the MAC access, and if the resource owner has not given the user access, they would not be able to access it, despite the MAC permissions.

Such combination adds an extra layer of protection from breach of security and minimizes the access of unauthorized users. But order of precendence only matters when both the access methods are used. You can read about LaPadula model in detail but as far the order of precendence is concerned, this information suffices.

Part 2: Coming to the question of low integrity rights of an .exe file, Suppose kkk.exe running with low integrity downloads an executable from unknownsite.com then yes the download executable can write to %SystemRoot%\System32 and corrupt/modify the root files which govern the OS operations of the PC. As the kkk.exe is running with low integrity, it all depends on which access control methods are used to allow the access of the .exe file. .exe file can be a compressed file signed by say microsoft signature( which may/may not contain protocols to detect some new type of trojan house) and on decompressing can turn out to be a trojan house. If the access method allows the file to write to the %system root% by ticking it safe( as it is signed by microsoft signature) it may cause the trojan house to embed to the system files. If 2 or 3 layers of access controls are used which do not give access to write to the %systemroot% even of it is ticked safe by microsoft, then it may cause no harm and may also be red flagged as a threat.


Related Solutions

what are the pros and cons of discretionary parole and mandatory release?
what are the pros and cons of discretionary parole and mandatory release?
8. What are Mandatory /Discretionary/ External dependencies? Please give one example of each one.
8. What are Mandatory /Discretionary/ External dependencies? Please give one example of each one.
What is mandatory spending also known as discretionary spending by the federal government? Define and give...
What is mandatory spending also known as discretionary spending by the federal government? Define and give examples.
What is the difference between discretionary versus non-discretionary fixed costs, and can they be changed? Explain
What is the difference between discretionary versus non-discretionary fixed costs, and can they be changed? Explain
1. T/F. Under non-discretionary access control, a third-party security administrator determines what users have access to...
1. T/F. Under non-discretionary access control, a third-party security administrator determines what users have access to certain network and system resources. 2. T/F. When establishing firewall rules, the most prudent configuration is to implicitly deny by blocking all traffic by default then rely on business need and justification to create new rules as exceptions. 3. T/F. By default, all virtual private network (VPN) client software encrypts network traffic. 4. T/F. Asymmetric encryption is more secure than symmetric encryption.
What is the difference between automatic stabilizers and discretionary fiscal policy?
What is the difference between automatic stabilizers and discretionary fiscal policy?
1- what is the relationship between integrity and necessity of enforcement ? 2- what is the...
1- what is the relationship between integrity and necessity of enforcement ? 2- what is the relationship between external auditing and window-dressing? 3- At what stage in the design process should prototyping take place? why is prototyping done? 4- Why might design trade-offs be made? Give an example Essay 1- Do society, employers and employees have shared interests? 2- Are there personal cost involved when one blows the whistle ? and should an individual ever consider doing it despite these...
what is disposable and discretionary income? please type the answer or write in print
what is disposable and discretionary income? please type the answer or write in print
What is the difference between logical access to the computer and physical access to the computer?...
What is the difference between logical access to the computer and physical access to the computer? Why is the security of both important?
Please read the following four examples below. Please identify what they are (i.e., discretionary fiscal policy,...
Please read the following four examples below. Please identify what they are (i.e., discretionary fiscal policy, monetary policy, or automatic stabilizer) and explain why.   a) A terrible recession occurs as a result of a bubble in the housing market bursting, and government-funded unemployment compensation is paid out to laid-off workers. b) As the economy heats up, the resulting increase in equilibrium GDP results in higher income tax payments, which dampen consumption spending somewhat. c) To stem an overheated economy, the...
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT