Due: Thursday, February 27, 1997 at 10:00AM (note new time!)
These are worth 25 points each.
Write a set of rules combining the secrecy controls of the
Bell-LaPadula model with the integrity controls of the Biba model.
In the UNIX file system, could a mandatory access policy be defined so
that a user has access to a file only if the user has access to all
subdirectories higher (closer to the root) in the file structure? What
would be the effect of this policy?
One version of the UNIX find(1) command works by scanning a database of
file information that is constructed nightly. It then checks each
directory in the file system; if the date of last modification is later
than that stored in the database, or the directory is not in the
database, it checks the files actually in the directory. Discuss the
security implications of this version of find. Specifically, if you
used find to locate all files modified after a certain date, or all
files of a certain type (such as setUID to root), could this version
of find miss files that the standard version of find would report?
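The following sketch is an added illustration, not part of the original assignment. It models the database-driven find described above on a constructed temporary directory tree so the two versions can be compared directly. The function names, the tree layout, and the choice to test the setuid bit regardless of file owner are assumptions made for the example.

```python
import os
import stat
import tempfile

def setuid_files(directory, names):
    """Paths among `names` in `directory` that carry the setuid bit right now."""
    paths = (os.path.join(directory, n) for n in names)
    return {p for p in paths if os.lstat(p).st_mode & stat.S_ISUID}

def build_database(root):
    """Nightly snapshot: directory -> (mtime at scan time, setuid files seen)."""
    return {d: (os.stat(d).st_mtime_ns, setuid_files(d, files))
            for d, _, files in os.walk(root)}

def full_find(root):
    """Standard find: examine every file on every run."""
    return set().union(*(setuid_files(d, f) for d, _, f in os.walk(root)))

def cached_find(root, db):
    """Database find: rescan a directory only if new or modified since the snapshot."""
    found = set()
    for d, _, files in os.walk(root):
        entry = db.get(d)
        if entry is None or os.stat(d).st_mtime_ns > entry[0]:
            found |= setuid_files(d, files)   # directory changed: look at real files
        else:
            found |= entry[1]                 # directory unchanged: trust the database
    return found

def demo():
    """Constructed tree: one file changes mode in place, one appears in a new directory."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        tool = os.path.join(root, "bin", "tool")
        open(tool, "w").close()
        db = build_database(root)             # the nightly run
        os.chmod(tool, 0o4755)                # inode change only; bin's mtime is untouched
        os.mkdir(os.path.join(root, "newdir"))  # directory absent from the database
        added = os.path.join(root, "newdir", "added")
        open(added, "w").close()
        os.chmod(added, 0o4755)
        rel = lambda paths: {os.path.relpath(p, root) for p in paths}
        return rel(full_find(root)), rel(cached_find(root, db))

if __name__ == "__main__":
    full, cached = demo()
    print("standard:", sorted(full), "database:", sorted(cached))
```

A directory's modification time changes only when entries are added, removed or renamed, so the mode change on bin/tool leaves bin looking unchanged to the database version.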
Assume the Clark-Wilson model is implemented on a computer system.
Could a computer virus that scrambled constrained data items be
introduced into the system? Why or why not? Specifically, if not,
identify the precise control that would prevent it from being
introduced, and say why it would prevent the virus from being
introduced; if yes, identify the specific control or controls that
allow it to be introduced and say why they fail to keep it out.
This is worth 100 points.
Write a program that takes as an argument a command name. On output, it
prints the full path names of all programs with the command name in the
user's path. Output should look like:
dec24 % where mail
mail: /usr/bin/mail* /usr/ucb/mail*
If the user could execute a listed program, put a "*" after
it (as above). If any of the files are symbolic links, put
"@" followed by what it refers to. You must use C or C++ for
Hint: You do not need to worry about aliases.
Modify the program to handle C-shell aliases.
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 2/20/97