Homework 4

Due Date: December 7, 2000
160 Points


  1. (30 points) Alice can read and write the file x, can read the file y, and can execute the file z. Bob can read x, can read and write y, and cannot access z.
    1. Please write a set of access control lists for this situation, and say what each list is associated with.
    2. Please write a set of capability lists for this situation, and say what each list is associated with.
  2. (30 points) Consider how a system with capabilities as its access control mechanism could deal with Trojan horses.
    1. In general, do capabilities offer more or less protection against Trojan horses than do access control lists? Justify your answer in light of the theoretical equivalence of ACLs and C-Lists.
    2. Consider now the inheritance properties of new processes. If the creator controls which capabilities the created process is given initially, how could the creator limit the damage that a Trojan horse could do?
    3. Can capabilities protect against all Trojan horses? Either show that they can, or describe a Trojan horse process that C-Lists cannot protect against.
  3. (30 points) Consider Multics procedure p and data segment d. Procedure p is executing and needs to access segment d. Segment d's access bracket is (5, 6). Assume that d's access control list gives p full (read, write, append, and execute) rights to d. In which ring(s) must p execute for the following to happen?
    1. p can read, write, and append to d?
    2. p can read d but not write to or append to d?
    3. p cannot access d?
  4. (10 points) Prove that the set of all subsets of a given set S (called the power set of S) forms a lattice under the relation "subset".
  5. (30 points) Given the security levels TOPSECRET, SECRET, CONFIDENTIAL, and UNCLASSIFIED (ordered from highest to lowest), and the categories A, B, and C, say what type of access (read, write, or both) is allowed in the following situations. Assume discretionary access controls allow anyone access unless otherwise specified.
    1. Paul, cleared for (TOPSECRET, { A, C }), wants to access a document classified (SECRET, { B, C }).
    2. Anna, cleared for (CONFIDENTIAL, { C }), wants to access a document classified (CONFIDENTIAL, { B }).
    3. Jesse, cleared for (SECRET, { C }), wants to access a document classified (CONFIDENTIAL, { C }).
    4. Sammi, cleared for (TOPSECRET, { A, C }), wants to access a document classified (CONFIDENTIAL, { A }).
    5. Robin, who has no clearances (and so works at the UNCLASSIFIED level), wants to access a document classified (CONFIDENTIAL, { B }).
  6. (30 points) A computer system provides protection using the Biba policy. How would a virus spread if:
    1. the virus were placed on the system at system low (the compartment which all other compartments dominate)?
    2. the virus were placed on the system at system high (the compartment which dominates all compartments)?
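The following Python is an added example, not part of the assignment or its answer key. It implements the structures questions 4, 5 and 6 reason about: security labels of the form (level, category set) ordered by dominance, the join and meet that make them a lattice, a brute-force check that the power set of a small set is a lattice under subset, and the Bell-LaPadula read-down/write-up rules with Biba strict integrity as their dual. The level and category names are those used on the page; the rule interpretations (simple security property and *-property for BLP, the reversed rules for Biba) are standard textbook formulations assumed here, and the subject and object labels in the usage section are constructed samples, not the assignment's cases.

```python
from dataclasses import dataclass
from itertools import combinations
from typing import FrozenSet, Iterable, List, Set

# Linear ordering of the clearance levels named on the assignment, highest first.
LEVELS = {"TOPSECRET": 3, "SECRET": 2, "CONFIDENTIAL": 1, "UNCLASSIFIED": 0}


@dataclass(frozen=True)
class Label:
    """A security label: a clearance/classification level plus a set of categories."""
    level: str
    cats: FrozenSet[str]

    def dominates(self, other: "Label") -> bool:
        # (L1, C1) dominates (L2, C2) iff L1 >= L2 and C2 is a subset of C1.
        return LEVELS[self.level] >= LEVELS[other.level] and self.cats >= other.cats


def join(a: Label, b: Label) -> Label:
    """Least upper bound of two labels: the higher level, union of categories."""
    lvl = a.level if LEVELS[a.level] >= LEVELS[b.level] else b.level
    return Label(lvl, a.cats | b.cats)


def meet(a: Label, b: Label) -> Label:
    """Greatest lower bound of two labels: the lower level, intersection of categories."""
    lvl = a.level if LEVELS[a.level] <= LEVELS[b.level] else b.level
    return Label(lvl, a.cats & b.cats)


def blp_access(subject: Label, obj: Label) -> Set[str]:
    """Accesses Bell-LaPadula permits (assumed standard rules):
    read requires subject dominates object (simple security property),
    write requires object dominates subject (*-property)."""
    allowed: Set[str] = set()
    if subject.dominates(obj):
        allowed.add("read")
    if obj.dominates(subject):
        allowed.add("write")
    return allowed


def biba_access(subject: Label, obj: Label) -> Set[str]:
    """Biba strict integrity is the dual of BLP: a subject may only read
    objects at or above its integrity level and write objects at or below it,
    so low-integrity data can never flow upward into trusted objects."""
    allowed: Set[str] = set()
    if obj.dominates(subject):
        allowed.add("read")
    if subject.dominates(obj):
        allowed.add("write")
    return allowed


def powerset(s: Iterable[str]) -> List[FrozenSet[str]]:
    items = list(s)
    return [frozenset(c) for r in range(len(items) + 1) for c in combinations(items, r)]


def powerset_is_lattice(s: Iterable[str]) -> bool:
    """Brute-force check that (P(S), subset) is a lattice for a small S:
    every pair has exactly one least upper bound (the union) and exactly one
    greatest lower bound (the intersection)."""
    elems = powerset(s)
    for x in elems:
        for y in elems:
            uppers = [u for u in elems if x <= u and y <= u]
            lowers = [w for w in elems if w <= x and w <= y]
            lub = [u for u in uppers if all(u <= v for v in uppers)]
            glb = [w for w in lowers if all(v <= w for v in lowers)]
            if len(lub) != 1 or len(glb) != 1:
                return False
            if lub[0] != x | y or glb[0] != x & y:
                return False
    return True


if __name__ == "__main__":
    # Constructed sample labels (not the assignment's cases).
    subj = Label("SECRET", frozenset({"C"}))
    obj = Label("CONFIDENTIAL", frozenset({"B"}))
    print("join:", join(subj, obj), "meet:", meet(subj, obj))
    print("BLP allows:", sorted(blp_access(subj, obj)))
    print("Biba allows:", sorted(biba_access(subj, obj)))
    print("P({A,B,C}) is a lattice:", powerset_is_lattice({"A", "B", "C"}))
```

Because dominance requires both the level comparison and the category subset test, two labels can be incomparable, in which case neither read nor write is permitted under BLP; the power-set check is the category half of that lattice, and the level ordering supplies the other half.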

Matt Bishop
Office: 3059 Engineering Unit II
Phone: +1 (530) 752-8060
Fax: +1 (530) 752-4767
Email: bishop@cs.ucdavis.edu
Copyright Matt Bishop, 2000. All federal and state copyrights reserved for all original material presented in this course through any medium, including lecture or print.

Page last modified on 11/28/2000