Answers to Review Questions
1. C. The subject is active and is always the entity that receives information about or data from the object. A subject can be a user, a program, a process, a file, a computer, a database, and so on. The object is always the entity that provides or hosts information or data. The roles of subject and object can switch while two entities communicate to accomplish a task.
2. A. Access control mechanisms help to prevent losses, including any loss of confidentiality, loss of availability, or loss of integrity. Subjects authenticate on a system and objects are accessed. A first step in access control is the identification and authentication of subjects, but access control also includes ...