- (
*25 points*) Consider the construction in Section 3.5.2 that shows how to simulate three-parent joint creation using two-parent joint creation (this is on pp. 80–83 of the text). In the original paper,*cr*(_{C}*s*,*c*) =*c*/*R*_{3}(that is, the*t*right was omitted) and*link*_{2}(**S**,**A**_{3}) =**A**_{3}/*t*∈*dom*(**S**}) (the second part was omitted). Why won’t this work?

(*text*, problem 3.9, modified) - (
*25 points*) Use DTEL to create a domain*d_guest*composed of processes executing the restricted shell*/usr/bin/restsh*. These processes cannot create any files. They can read and execute any object of type*t_sysbin*. They can read and search any object of type*t_guest*.

(*text*, problem 4.7) - (
*25 points*) Expand the proof of Theorem 4–2 to show the statement, and the proof, of the induction.

(*text*, problem 4.7) - (
*25 points*) Prove Theorem 5–11.

(*text*, problem 5.11, modified)

- (
*20 points*) Consider McLean’s reformulation of the simple security condition, the *-property, and the ds-property (see page 146).- Does this eliminate the need to place constraints on the initial state of the system in order to prove that the system in secure?
- Why do you believe Bell and LaPadula did not use this formulation?

*text*, problem 5.12)

You can also obtain a PDF version of this. | Version of April 15, 2013 at 11:30AM |