Describe each of the following four kinds of access control mechanisms in terms of (a) ease of determining authorized access during execution, (b) ease of adding access for a new subject, (c) ease of deleting access by a subject, and (d) ease of creating a new object to which all subjects by default have access.

• Per-subject access control list (that is, one list for each subject tells all the objects to which that subject has access)
• Per-object access control list (that is, one list for each object tells all the subjects who have access to that object)
• Access control matrix
• Capability

What will be an ideal response?


Per-subject access control:
(a) A simple lookup from the list, which can be an O(1) operation in the average case if implemented as a hash table.
(b) An addition to that subject's list, which can effectively be an O(1) operation.
(c) A removal from that subject's list, which can effectively be an O(1) operation.
(d) An entry needs to be added to all subjects' lists, which is an O(n) operation where n is the number of subjects.

Per-object access control:
(a) A simple lookup from the list, which can effectively be an O(1) operation.
(b) An addition to the list, which can effectively be an O(1) operation.
(c) A removal from the list, which can effectively be an O(1) operation.
(d) In this model, default access rights for an object can be set, so this, too, can be an O(1) operation.

Access control matrix:
(a) This is essentially a lookup by subject and object, and the speed depends on implementation, but is likely O(n).
(b) Assuming the subject is being newly created, a new row must be added to the matrix, which can be quite costly depending on implementation (potentially requiring the whole table to be copied).
(c) This is essentially a lookup by subject and object, and the speed depends on implementation, but is likely O(n).
(d) Depending on implementation, creating a new object may require making a copy of the whole table, which would be O(n^2), or may just require adding a new entry to an existing table, which can be made to have a default entry for a performance of O(1).

Capability:
The capability model needs to be backed by one of the other models, so, depending on implementation, it can effectively have the same performance as any of the other models. The only potential difference is in revocation, where the need to track capability "tickets" for revocation becomes an issue.

Computer Science & Information Technology
