(25 points) An organization makes each lead system administrator responsible for the security of the system he or she runs. However, the management determines what programs are to be on the system and how they are to be configured.
Describe the security problem(s) that this division of power would create.
How would you fix them?
(25 points) A program called lsu gives access to role accounts. The user’s access rights are checked, and the user is required to enter her password. If access rules allow the change and the user’s password is correct, lsu allows the change. Given that Mary uses lsu from her account, why does lsu require her to enter her password? Name the principles involved, and why they require this.
(25 points) Given the security levels TOP SECRET, SECRET, CONFIDENTIAL, and UNCLASSIFIED (ordered from highest to lowest), and the categories A, B, and C, specify what type of access (read, write, both, or neither) is allowed in each of the following situations. Assume that discretionary access controls allow anyone access unless otherwise specified.
Paul, cleared for ( SECRET, { B, C } ), wants to access a document classified ( TOP SECRET, { A, C } ).
Anna, cleared for ( CONFIDENTIAL, { B } ), wants to access a document classified ( CONFIDENTIAL, { C } ).
Jesse, cleared for ( CONFIDENTIAL, { C } ), wants to access a document classified ( SECRET, { C } ).
Sammi, cleared for ( CONFIDENTIAL, { A } ), wants to access a document classified ( TOP SECRET, { A, C } ).
Robin, who has no clearances (and so works at the UNCLASSIFIED level), wants to access a document classified ( SECRET, { A } ).
(25 points) In the Clark-Wilson model, must the TPs be executed serially, or can they be executed in parallel? If the former, why? If the latter, what constraints must be placed on their execution?