# Homework 2

Due: October 23, 2019 at 11:59pm
Points: 130

## Questions

1. (20 points) Given the security levels TOP SECRET, SECRET, CONFIDENTIAL, and UNCLASSIFIED (ordered from highest to lowest), and the categories A, B, and C, specify what type of access (read, write, both, or neither) is allowed in each of the following situations. Assume that discretionary access controls are set to allow anyone access.
1. Paul, cleared for (TOP SECRET, {A, C}), wants to access a document classified (SECRET, {B, C}).
2. Anna, cleared for (CONFIDENTIAL, {C}), wants to access a document classified (CONFIDENTIAL, {B}).
3. Jesse, cleared for (SECRET, {C}), wants to access a document classified (CONFIDENTIAL, {C}).
4. Sammi, cleared for (TOP SECRET, {A, C}), wants to access a document classified> (CONFIDENTIAL, {A}).
5. Robin, who has no clearances (and so works at the UNCLASSIFIED level), wants to access a document classified (CONFIDENTIAL, {B}).
2. (20 points) Prove the following theorem: If there is an information transfer path from object o1O to object on+1O, then enforcement of the strict integrity policy requires that on+1 < o1 for all n > 1. (This is the analogue to Theorem 6.1 for Biba's strict integrity policy.)
3. (20 points) Using the statistical method in Section 10.2.2, decipher the following ciphertext, which was enciphered using the Caesar cipher:
TEBKFKQEBZLROPBLCERJXKBSBKQP
4. (20 points) Consider the public keys (e1, n1) and (e2, n2) of two RSA cryptosystems.
1. You have discovered that n1 and n2 have a common factor but do not know what it is. How would you find it?
2. You have intercepted a message c enciphered using the first public key. You also know the common factor of n1 and n2. Show how to decrypt c.
5. (20 points) A cryptographic checksumn that computes 64 bit hashes has a probability of 0.5 that at least one collision will occur given 232 messages. Alice wants to take advantage of this to swindle Bob. She and Bob agree to use such a cryptographic checksum. She draws up two contracts, one that Bob has agreed to sign and the other that Bob would not sign. She needs to generate a version of each that has the same checksum. Suggest how she might do this.
Hint: Adding blank spaces, or inserting a character followed by a backspace, will not affect the meaning of either contract.
6. (30 points) The story “Computers Don’t Argue” by Gordon R. Dickson is set in a society that relies on computerized records. It asks what happens when a record is incorrect.
1. The story starts with the book club mailing Mr. Childs a defective copy of Rudyard Kipling’s “Kim”, which he returned, and then sent him a copy of Robert Louis Stevenson’s “Kidnapped", which he also returned. Identify 3 other places where human errors exacerbated the events that occurred to Mr. Childs.
2. What is the central flaw of the computerized system described in the story?

## Extra Credit

1. Prove that the two properties of the hierarchy function (see Section 5.2.3) allow only trees and single nodes as organizations of objects.

 Matt Bishop Office: 2209 Watershed Sciences Phone: +1 (530) 752-8060 Email: mabishop@ucdavis.edu
ECS 153, Computer Security
Version of October 12, 2019 at 11:24PM