Homework 1

Due: October 6, 2021
Points: 100


  1. (20 points) In addition to mathematical and informal statements of policy, policies can be implicit (not stated). Why might this be done? Might it occur with informally stated policies? What problems can this cause?

  2. (20 points) The PostScript language describes page layout for printers. Among its features is the ability to request that the interpreter execute commands on the host system.
    1. Describe a danger that this feature presents when the language interpreter is running with administrative or root privileges.
    2. Explain how the principle of least privilege could be used to ameliorate this danger.

  3. (20 points) Definition 19–2 defines assurance in terms of “confidence.” A vendor advertises that its system was connected to the Internet for three months, and no one was able to break into it. It claims that this means that the system cannot be broken into from any network.
    1. Do you share the vendor’s confidence? Why or why not?
    2. If a commercial evaluation service had monitored the testing of this system and confirmed that, despite numerous attempts, no attacker had succeeded in breaking into it, would your confidence in the vendor’s claim be increased, decreased, or left unchanged? Justify your answer.

  4. (20 points) Given the security levels TOP SECRET, SECRET, CONFIDENTIAL, and UNCLASSIFIED (ordered from highest to lowest), and the categories A, B, and C, specify what type of access (read, write, both, or neither) is allowed in each of the following situations. Assume that discretionary access controls allow anyone access unless otherwise specified.

    1. Paul, cleared for ( TOP SECRET, { A, C } ), wants to access a document classified ( SECRET, { B, C } ).
    2. Anna, cleared for ( CONFIDENTIAL, { C } ), wants to access a document classified ( CONFIDENTIAL, { B } ).
    3. Jesse, cleared for ( SECRET, { C } ), wants to access a document classified ( CONFIDENTIAL, { C } ).
    4. Sammi, cleared for ( TOP SECRET, { A, C } ), wants to access a document classified ( CONFIDENTIAL, { A } ).
    5. Robin, who has no clearances (and so works at the UNCLASSIFIED level), wants to access a document classified ( CONFIDENTIAL, { B } ).
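
The access decisions in question 4 follow from the Bell-LaPadula dominance relation over the lattice the question gives (levels ordered TOP SECRET > SECRET > CONFIDENTIAL > UNCLASSIFIED, category sets ordered by inclusion). The following Python is an added worked example, not part of the assignment or the course materials; it encodes the lattice and applies the simple security property (read requires the subject to dominate the object) and the *-property (write requires the object to dominate the subject). The subject and object labels used to exercise it are constructed for illustration and are not the homework's cases.

```python
# Bell-LaPadula read/write check over the lattice stated in question 4.
# Added example; the labels in the self-test below are constructed, not the homework's.

# Levels ordered from highest to lowest, exactly as the question lists them.
LEVELS = ["TOP SECRET", "SECRET", "CONFIDENTIAL", "UNCLASSIFIED"]
# Numeric rank so that a higher level compares greater.
RANK = {name: len(LEVELS) - i for i, name in enumerate(LEVELS)}


def dominates(a, b):
    """True if label a = (level, categories) dominates label b:
    a's level is at least b's level AND a's categories are a superset of b's."""
    level_a, cats_a = a
    level_b, cats_b = b
    return RANK[level_a] >= RANK[level_b] and set(cats_a) >= set(cats_b)


def can_read(subject, obj):
    """Simple security property: read only if the subject dominates the object."""
    return dominates(subject, obj)


def can_write(subject, obj):
    """*-property: write only if the object dominates the subject (no write-down)."""
    return dominates(obj, subject)


def access(subject, obj):
    """Return 'read', 'write', 'both', or 'neither'.
    Discretionary controls are assumed to permit access, as the question states,
    so only the mandatory rules decide.  'both' occurs only when the labels are equal."""
    r, w = can_read(subject, obj), can_write(subject, obj)
    if r and w:
        return "both"
    if r:
        return "read"
    if w:
        return "write"
    return "neither"


if __name__ == "__main__":
    # Constructed illustration (not the homework's cases): a SECRET subject with
    # category A reading a CONFIDENTIAL document in category A is allowed to read
    # but not to write, because writing would move data down the lattice.
    print(access(("SECRET", {"A"}), ("CONFIDENTIAL", {"A"})))
```

The category check is a set-inclusion test, not an overlap test: a subject cleared for {A, C} does not dominate an object in {B, C} even though the two share a category, which is the usual source of wrong answers on this kind of problem.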

  5. (20 points) The relations certified (see ER1) and allowed (see ER2) can be collapsed into a single relation. Please do so and state the new relation. Why doesn’t the Clark-Wilson model do this?
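
To make the two relations in question 5 concrete, here is an added Python example, not from the assignment or the textbook, that encodes them in the form the Clark-Wilson model uses: the certified relation (ER1) as pairs (TP, set of CDIs) and the allowed relation (ER2) as triples (user, TP, set of CDIs). A request is granted only when both relations permit it, and the reason list reports which rule refused. The TP, CDI and user names are constructed for illustration.

```python
# Clark-Wilson enforcement check against the certified (ER1) and allowed (ER2) relations.
# Added example; TP, CDI and user names are constructed for illustration.

# ER1 data: which transformation procedures are certified to operate on which CDIs.
CERTIFIED = {
    ("tp_deposit", frozenset({"cdi_balance", "cdi_ledger"})),
    ("tp_audit", frozenset({"cdi_ledger"})),
}

# ER2 data: which user may execute which TP over which set of CDIs.
ALLOWED = {
    ("alice", "tp_deposit", frozenset({"cdi_balance", "cdi_ledger"})),
    ("bob", "tp_audit", frozenset({"cdi_ledger"})),
}


def tp_certified_for(tp, cdis):
    """ER1: every CDI the TP will touch must lie within a CDI set it is certified for."""
    return any(tp == c_tp and set(cdis) <= c_cdis for c_tp, c_cdis in CERTIFIED)


def user_allowed(user, tp, cdis):
    """ER2: the user must be associated with this TP and with every requested CDI."""
    return any(
        user == a_user and tp == a_tp and set(cdis) <= a_cdis
        for a_user, a_tp, a_cdis in ALLOWED
    )


def authorize(user, tp, cdis):
    """Grant only if both relations permit the request.
    Returns (granted, reasons); reasons is empty on success."""
    reasons = []
    if not tp_certified_for(tp, cdis):
        reasons.append("ER1: TP is not certified for these CDIs")
    if not user_allowed(user, tp, cdis):
        reasons.append("ER2: user is not associated with this TP and CDI set")
    return (not reasons, reasons)


if __name__ == "__main__":
    # A certified TP run by a user who is not associated with it: ER1 passes, ER2 refuses.
    print(authorize("bob", "tp_deposit", ["cdi_balance"]))
```

Keeping the lookups separate makes the failure mode visible: a TP can be certified yet still refused for a particular user, and a user can be associated with a TP whose certification does not cover the CDI being requested, which is the distinction the question asks you to reason about.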

Extra credit

  1. (20 points) A cryptographer once claimed that security mechanisms other than cryptography were unnecessary because cryptography could provide any desired level of confidentiality and integrity. Ignoring availability, either justify or refute the cryptographer’s claim.


Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 235A, Computer and Information Security
Version of September 22, 2021 at 11:06PM
