1. Access Controls are security features that are usually considered the first line of defense in asset protection. They are used to dictate how subjects access objects, and their main goal is to protect the objects from unauthorized access. These controls can be administrative, physical, or technical in nature and should be applied in a layered approach, ensuring that an intruder would have to compromise more than one countermeasure to access critical assets. Explain each of these controls of administrative, physical, and technical with examples of real-world applications.
2. Access control defines how users should be identified, authenticated, and authorized. These issues are carried out differently in different access control models and technologies, and it is up to the organization to determine which best fits its business and security needs. Explain each of these access control models with examples of real-world applications.
3. The architecture of a computer system is very important and comprises many topics. The system has to ensure that memory is properly segregated and protected, ensure that only auhtorized subjects access objects, ensure that untrusted processes cannot perform activities that would put other processes at risk, control the flow of information, and define a domain of resources for each subject. It also must ensure that, if the computer experiences any type of disruption, it will not result in an insecure state. Many of these issues are dealt with in the system’s security policy, and the security model is built to support the requirements of this policy. Given these definitions, provide an example where you could better design computer architecture to secure the computer system with real-world applications. You may use fictitious examples to support your argument.