Topic 1: Access Control
What security model implies a central authority that defines rules, and sometimes global
rules, dictating what subjects can have access to what objects?
A.
Flow Model
B.
Discretionary access control
C.
Mandatory access control
D.
Non-discretionary access control
Non-discretionary access control
As a security administrator you might configure user profiles so that users
cannot change the system’s time, alter system configuration files, access a command
prompt, or install unapproved applications. This type of access control is referred to as
nondiscretionary, meaning that access decisions are not made at the discretion of the user.
Nondiscretionary access controls are put into place by an authoritative entity (usually a
security administrator) with the goal of protecting the organization’s most critical assets.
Non-discretionary access control is when a central authority determines what subjects can
have access to what objects based on the organizational security policy. Centralized
access control is not an existing security model.
Both Rule Based Access Control (RuBAC or RBAC) and Role Based Access Control
(RBAC) fall into this category.
Reference(s) used for this question: Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 221). McGraw-Hill. Kindle Edition.
and
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control
systems (page 33).
In addition to the accuracy of the biometric systems, there are other factors that must also
be considered:
A.
These factors include the enrollment time and the throughput rate, but not acceptability.
B.
These factors do not include the enrollment time, the throughput rate, and acceptability.
C.
These factors include the enrollment time, the throughput rate, and acceptability.
D.
These factors include the enrollment time, but not the throughput rate nor the
acceptability.
These factors include the enrollment time, the throughput rate, and acceptability.
In addition to the accuracy of the biometric systems, there are other factors
that must also be considered.
These factors include the enrollment time, the throughput rate, and acceptability.
Enrollment time is the time it takes to initially "register" with a system by providing samples
of the biometric characteristic to be evaluated. An acceptable enrollment time is around two
minutes.
For example, in fingerprint systems, the actual fingerprint is stored and requires
approximately 250kb per finger for a high quality image. This level of information is required
for one-to-many searches in forensics applications on very large databases.
In finger-scan technology, a full fingerprint is not stored; the features extracted from this
fingerprint are stored using a small template that requires approximately 500 to 1000 bytes
of storage. The original fingerprint cannot be reconstructed from this template.
Updates of the enrollment information may be required because some biometric
characteristics, such as voice and signature, may change with time.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37 & 38.
Which of the following access control models requires security clearance for subjects?
A.
Identity-based access control
B.
Role-based access control
C.
Discretionary access control
D.
Mandatory access control
Mandatory access control
With mandatory access control (MAC), the authorization of a subject's
access to an object is dependent upon labels, which indicate the subject's clearance.
Identity-based access control is a type of discretionary access control. A role-based access
control is a type of non-discretionary access control.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control
systems (page 33).
Which of the following is an example of a passive attack?
A.
Denying services to legitimate users
B.
Shoulder surfing
C.
Brute-force password cracking
D.
Smurfing
Shoulder surfing
Shoulder surfing is a form of passive attack involving stealing passwords,
personal identification numbers or other confidential information by looking over someone's
shoulder. All other forms of attack are active attacks, where a threat makes a modification to the system in an attempt to take advantage of a vulnerability.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne,
2002, chapter 3: Security Management Practices (page 63).
Which of the following statements relating to the Bell-LaPadula security model is FALSE
(assuming the Strong Star property is not being used)?
A.
A subject is not allowed to read up.
B.
The property restriction can be escaped by temporarily downgrading a high level
subject.
C.
A subject is not allowed to read down.
D.
It is restricted to confidentiality
A subject is not allowed to read down.
Not being allowed to read down is not a property of the Bell-LaPadula model.
The other answers are incorrect because:
"A subject is not allowed to read up" is the 'simple security rule' of the Bell-LaPadula
model.
The property restriction can indeed be escaped by temporarily downgrading a high-level
subject, or by identifying a set of trusted objects which are permitted to violate the
property as long as it is not in the middle of an operation.
It is restricted to confidentiality, as it is a state machine model that enforces the
confidentiality aspects of access control.
Reference: Shon Harris AIO v3, Chapter 5: Security Models and Architecture, Pages 279-282
Which of the following control pairings include: organizational policies and procedures,
pre-employment background checks, strict hiring practices, employment agreements,
employee termination procedures, vacation scheduling, labeling of sensitive materials,
increased supervision, security awareness training, behavior awareness, and sign-up
procedures to obtain access to information systems and networks?
A.
Preventive/Administrative Pairing
B.
Preventive/Technical Pairing
C.
Preventive/Physical Pairing
D.
Detective/Administrative Pairing
Preventive/Administrative Pairing
The Answer: Preventive/Administrative Pairing: These mechanisms include
organizational policies and procedures, pre-employment background checks, strict hiring
practices, employment agreements, friendly and unfriendly employee termination
procedures, vacation scheduling, labeling of sensitive materials, increased supervision,
security awareness training, behavior awareness, and sign-up procedures to obtain access
to information systems and networks.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34.
Access Control techniques do not include which of the following?
A.
Rule-Based Access Controls
B.
Role-Based Access Control
C.
Mandatory Access Control
D.
Random Number Based Access Control
Random Number Based Access Control
Access Control Techniques
Discretionary Access Control
Mandatory Access Control
Lattice Based Access Control
Rule-Based Access Control
Role-Based Access Control
Source: DUPUIS, Clement, Access Control Systems and Methodology, Version 1, May 2002, CISSP Open Study Group Study Guide for Domain 1, Page 13.
Which of the following is an example of discretionary access control?
A.
Identity-based access control
B.
Task-based access control
C.
Role-based access control
D.
Rule-based access control
Identity-based access control
Identity-based access control is an example of discretionary access
control that is based on an individual's identity. Identity-based access control (IBAC) is
access control based on the identity of the user (typically relayed as a characteristic of the
process acting on behalf of that user) where access authorizations to specific objects are
assigned based on user identity.
Rule Based Access Control (RuBAC) and Role Based Access Control (RBAC) are
examples of non-discretionary access controls.
Rule-based access control is a type of non-discretionary access control because
access is determined by rules and the subject does not decide what those rules will be; the
rules are uniformly applied to ALL of the users or subjects.
In general, all access control policies other than DAC are grouped in the category of
non-discretionary access control (NDAC). As the name implies, policies in this category have
rules that are not established at the discretion of the user. Non-discretionary policies
establish controls that cannot be changed by users, but only through administrative action.
Both Role Based Access Control (RBAC) and Rule Based Access Control (RuBAC) fall
within Non Discretionary Access Control (NDAC). If it is not DAC or MAC then it is most
likely NDAC.
BELOW YOU HAVE A DESCRIPTION OF THE DIFFERENT CATEGORIES:
MAC = Mandatory Access Control
Under a mandatory access control environment, the system or security administrator will
define what permissions subjects have on objects. The administrator does not dictate
users' access but simply configures the proper level of access as dictated by the Data
Owner.
The MAC system will look at the Security Clearance of the subject and compare it with the
object sensitivity level or classification level. This is what is called the dominance
relationship.
The subject must DOMINATE the object sensitivity level, which means that the subject
must have a security clearance equal to or higher than that of the object he is attempting to access.
MAC also introduces the concept of labels. Every object has a label attached to it
indicating the classification of the object as well as categories that are used to impose the
need to know (NTK) principle. Even though a user has a security clearance of Secret, it does
not mean he would be able to access any Secret document within the system. He would
be allowed to access only those Secret documents for which he has a Need To Know and formal
approval, and only objects where the user belongs to one of the categories attached to the object.
If there is no clearance and no labels then IT IS NOT Mandatory Access Control.
Many of the other models can mimic MAC, but none of them have labels and a dominance
relationship, so they are NOT in the MAC category.
DAC = Discretionary Access Control
DAC is also known as an Identity Based access control system.
The owner of an object is defined as the person who created the object. As such, the owner
has the discretion to grant access to other users on the network. Access will be granted
based solely on the identity of those users.
Such a system is good for a low level of security. One of the major problems is the fact that a
user who has access to someone else's file can further share the file with other users
without the knowledge or permission of the owner of the file. Very quickly this could
become the wild wild west, as there is no control on the dissemination of the information.
RBAC = Role Based Access Control
RBAC is a form of Non-Discretionary access control.
Role Based access control usually maps directly with the different types of jobs performed
by employees within a company.
For example, there might be 5 security administrators within your company. Instead of
creating each of their profiles one by one, you would simply create a role and assign the
administrators to the role. Once an administrator has been assigned to a role, he will
IMPLICITLY inherit the permissions of that role.
RBAC is a great tool for environments where there is a large rotation of employees on a
daily basis, such as a very large help desk, for example.
RBAC or RuBAC = Rule Based Access Control
RuBAC is a form of Non-Discretionary access control.
A good example of a Rule Based access control device would be a Firewall. A single set of
rules is imposed on all users attempting to connect through the firewall.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33.
and
NISTIR-7316 at http://csrc.nist.gov/publications/nistir/7316/NISTIR-7316.pdf
and
http://itlaw.wikia.com/wiki/Identity-based_access_control
An access system that grants users only those rights necessary for them to perform their
work is operating on which security principle?
A.
Discretionary Access
B.
Least Privilege
C.
Mandatory Access
D.
Separation of Duties
Least Privilege
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation
Which access control model provides upper and lower bounds of access capabilities for a
subject?
A.
Role-based access control
B.
Lattice-based access control
C.
Biba access control
D.
Content-dependent access control
Lattice-based access control
In the lattice model, users are assigned security clearances and the data is
classified. Access decisions are made based on the clearance of the user and the
classification of the object. Lattice-based access control is an essential ingredient of formal
security models such as Bell-LaPadula, Biba, Chinese Wall, etc.
The bounds concept comes from the formal definition of a lattice as a "partially ordered set
for which every pair of elements has a greatest lower bound and a least upper bound." To
see the application, consider a file classified as "SECRET" and a user Joe with a security
clearance of "TOP SECRET." Under Bell-LaPadula, Joe's "least upper bound" access to
the file is "READ" and his greatest lower bound is "NO WRITE" (star property).
Role-based access control is incorrect. Under RBAC, the access is controlled by the
permissions assigned to a role and the specific role assigned to the user.
Biba access control is incorrect. The Biba integrity model is based on a lattice structure, but
the context of the question disqualifies it as the best answer.
Content-dependent access control is incorrect. In content-dependent access control, the
actual content of the information determines access as enforced by the arbiter.
References:
CBK, pp. 324-325. AIO3, pp. 291-293. See particularly Figure 5-19 on p. 293 for an illustration of bounds in
action.
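As an added illustration (not part of the original study guide or its references), the dominance relationship and need-to-know categories from the MAC description above, the lattice join/meet that give the upper and lower bounds, and the Bell-LaPadula read/write rules applied to them; the level names and the subjects Joe and Ann are constructed for the example.

```python
from dataclasses import dataclass
from typing import FrozenSet

# Ordered sensitivity levels (constructed hierarchy for this example).
LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET"]
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class Label:
    """A MAC label: sensitivity level plus need-to-know categories."""
    level: str
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Dominance: level equal or higher AND every category of the
        # other label is present (this is what enforces need to know).
        return (RANK[self.level] >= RANK[other.level]
                and other.categories <= self.categories)


def lub(a: Label, b: Label) -> Label:
    """Least upper bound (join): the lowest label dominating both."""
    return Label(LEVELS[max(RANK[a.level], RANK[b.level])],
                 a.categories | b.categories)


def glb(a: Label, b: Label) -> Label:
    """Greatest lower bound (meet): the highest label both dominate."""
    return Label(LEVELS[min(RANK[a.level], RANK[b.level])],
                 a.categories & b.categories)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property (no read up): subject dominates object."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """Star property (no write down): object dominates subject."""
    return obj.dominates(subject)


def decide(subject: Label, obj: Label) -> str:
    """Summarise the access a subject gets to an object under BLP."""
    r, w = can_read(subject, obj), can_write(subject, obj)
    return {(True, True): "READ/WRITE", (True, False): "READ",
            (False, True): "WRITE", (False, False): "NO ACCESS"}[(r, w)]


# Constructed worked cases: Joe from the lattice question, and Ann, who
# holds a Secret clearance but not the document's CRYPTO category.
JOE = Label("TOP SECRET")
SECRET_FILE = Label("SECRET")
ANN = Label("SECRET", frozenset({"PAYROLL"}))
CRYPTO_DOC = Label("SECRET", frozenset({"CRYPTO"}))

if __name__ == "__main__":
    print("Joe -> SECRET file:", decide(JOE, SECRET_FILE))   # READ
    print("Ann -> CRYPTO doc :", decide(ANN, CRYPTO_DOC))    # NO ACCESS
```

Ann's label and the document's label are incomparable in the lattice (neither dominates the other), which is exactly the case where clearance alone would wrongly grant access and categories deny it.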
Which of the following is a trusted, third party authentication protocol that was developed
under Project Athena at MIT?
A.
Kerberos
B.
SESAME
C.
KryptoKnight
D.
NetSP
Kerberos
Kerberos is a trusted, third party authentication protocol that was developed
under Project Athena at MIT.
Kerberos is a network authentication protocol. It is designed to provide strong
authentication for client/server applications by using secret-key cryptography. A free
implementation of this protocol is available from the Massachusetts Institute of Technology.
Kerberos is available in many commercial products as well.
The Internet is an insecure place. Many of the protocols used in the Internet do not provide
any security. Tools to "sniff" passwords off of the network are in common use by systems
crackers. Thus, applications which send an unencrypted password over the network are
extremely vulnerable. Worse yet, other client/server applications rely on the client program
to be "honest" about the identity of the user who is using it. Other applications rely on the
client to restrict its activities to those which it is allowed to do, with no other enforcement by
the server.
Some sites attempt to use firewalls to solve their network security problems. Unfortunately,
firewalls assume that "the bad guys" are on the outside, which is often a very bad
assumption. Most of the really damaging incidents of computer crime are carried out by
insiders. Firewalls also have a significant disadvantage in that they restrict how your users
can use the Internet. (After all, firewalls are simply a less extreme example of the dictum
that there is nothing more secure than a computer which is not connected to the network --
and powered off!) In many places, these restrictions are simply unrealistic and
unacceptable.
Kerberos was created by MIT as a solution to these network security problems. The
Kerberos protocol uses strong cryptography so that a client can prove its identity to a
server (and vice versa) across an insecure network connection. After a client and server
have used Kerberos to prove their identity, they can also encrypt all of their
communications to assure privacy and data integrity as they go about their business.
Kerberos is freely available from MIT, under a copyright permission notice very similar to
the one used for the BSD operating system and the X11 Window System. MIT provides Kerberos in
source form, so that anyone who wishes to use it may look over the code for themselves
and assure themselves that the code is trustworthy. In addition, for those who prefer to rely
on a professionally supported product, Kerberos is available as a product from many
different vendors.
In summary, Kerberos is a solution to your network security problems. It provides the tools
of authentication and strong cryptography over the network to help you secure your
information systems across your entire enterprise. We hope you find Kerberos as useful as
it has been to us. At MIT, Kerberos has been invaluable to our Information/Technology
architecture.
KryptoKnight is a Peer to Peer authentication protocol incorporated into the NetSP product
from IBM.
SESAME is an authentication and access control protocol that also supports
communication confidentiality and integrity. It provides public key based authentication
along with Kerberos-style authentication, which uses symmetric key cryptography.
Sesame supports the Kerberos protocol and adds some security extensions like public key
based authentication and an ECMA-style Privilege Attribute Service. The complete Sesame
protocol is a two step process. In the first step, the client successfully authenticates itself to
the Authentication Server and obtains a ticket that can be presented to the Privilege
Attribute Server. In the second step, the initiator obtains proof of his access rights in the
form of Privilege Attributes Certificate (PAC). The PAC is a specific form of Access Control
Certificate as defined in the ECMA-219 document. This document describes the extensions
to Kerberos for public key based authentication as adopted in Sesame.
SESAME, KryptoKnight, and NetSP never took off and the protocols are no longer
commonly used.
References:
http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html#whatis and
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 40.
Smart cards are an example of which type of control?
A.
Detective control
B.
Administrative control
C.
Technical control
D.
Physical control
Technical control
Logical or technical controls involve the restriction of access to systems and
the protection of information. Smart cards and encryption are examples of these types of
control.
Controls are put into place to reduce the risk an organization faces, and they come in three
main flavors: administrative, technical, and physical. Administrative controls are commonly
referred to as “soft controls” because they are more management-oriented. Examples of
administrative controls are security documentation, risk management, personnel security,
and training. Technical controls (also called logical controls) are software or hardware
components, as in firewalls, IDS, encryption, identification and authentication mechanisms.
And physical controls are items put into place to protect facility, personnel, and resources.
Examples of physical controls are security guards, locks, fencing, and lighting.
Many types of technical controls enable a user to access a system and the resources
within that system. A technical control may be a username and password combination, a
Kerberos implementation, biometrics, public key infrastructure (PKI), RADIUS, TACACS+, or
authentication using a smart card through a reader connected to a system. These
technologies verify the user is who he says he is by using different types of authentication
methods. Once a user is properly authenticated, he can be authorized and allowed access
to network resources.
Reference(s) used for this question: Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (p. 245). McGraw-Hill.
Kindle Edition.
and
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control
systems (page 32).