Homework #3

Due: February 22, 2012 Points: 100

Questions

  1. (25 points) Prove or disprove: Theorem 6--1 holds for Biba's ring policy (described in Section 6.2.2).
  2. (20 points) In the Clark-Wilson model, must the TPs be executed serially, or can they be executed in parallel? If the former, why; if the latter, what constraints must be placed on their execution? (text, §6.8, exercise 9)
  3. (25 points) Devise an algorithm that generates an access control matrix A for any given history matrix H of the Chinese Wall model. (text, §7.8, exercise 1)
  4. (30 points) Consider the systems Louie and Dewey in Section 8.2.4.
    1. Suppose the sends and receives for the buffers are non-blocking. Is the composition of Hughie, Dewey, and Louie still noninterference-secure? Justify your answer.
    2. Suppose all buffers are unbounded. Is the composition of Hughie, Dewey, and Louie still noninterference-secure? Justify your answer.

Extra Credit

  1. (15 points) A physician who is addicted to a pain-killing medicine can prescribe the medication for herself. Please show how RBAC in general, and Definition 7–12 specifically, can be used to govern the dispensing of prescription drugs to prevent a physician from prescribing medicine for herself. (text, §7.8, problem 7.7) (text, §4.11, exercise 9)

A PDF version is available here.
UC Davis sigil
ECS 235B, Foundations of Computer and Information Security
Winter Quarter 2012