- (
*21 points*) A network in the College of Engineering is set up so that individual hosts (really, virtual machines) can run HTTP (web) servers that are available to the outside. (Here,*available*means the ability to read and write data.) The hosts can also run email (SMTP) servers available to other hosts on the CoE network, but these are*not*available to the outside. Instead, all outside mail is routed to a machine named “smtphost”, which forwards it to the internal host, and all internal mail addressed to external hosts is routed to “smtphost”, which forwards it to the destination. There are no other servers available to the outside on “smtphost”.- Please model this using an access control matrix. Use three hosts, “smtphost”, “innie” for a host on the CoE network, and “outie” for an outside host. Don’t forget to include the HTTP servers!
- Write a command that allows “innie” to exchange email directly with “outie”, bypassing “smtphost” entirely.
- Now consider a second host called “reallyinnie” on the CoE network. This host has just been added to the network and has no rights initially. Write a command that gives it the ability to send email to “outie” if, and only if, “innie” can send mail directly to “outie”.

- (
*24 points*) Let*c*be a copy flag and let a computer system have the rights {*read*,*write*,*execute*,*append*,*list*,*modify*,*own*}.- Using the syntax in Section 2.3, write a command
*copy_all_rights*(*p*,*q*,*s*) that copies all rights that*p*has over*s*to*q*. - Modify your command so that only those rights with an associated copy flag are copied.
The new copy should
*not*have the copy flag. - In the previous part, what conceptually would be the effect of copying the copy flag along with the right?

- Using the syntax in Section 2.3, write a command
- (
*20 points*) Someone asks you, “Since the Harrison-Ruzzo-Ullman result says that the security question is undecidable, why do we waste our time trying to figure out how secure the UNIX operating system is?” Please give an answer justifying the analysis of the security of the UNIX system (or any system, for that matter) in light of the HRU result. - (
*35 points*) Prove or give a counterexample:

The predicate*can*•*share*(α,**x**,**y**,*G*_{0}) is true if and only if there is an edge from**x**to**y**in*G*_{0}labeled α, or if the following hold simultaneously in*G*_{0}.- There is a vertex
**s**with an**s**-to-**y**edge labeled α. - There is a subject vertex
**x′**such that**x′**=**x**or**x′**initially spans to**x**. - There is a subject vertex
**s′**such that**s′**=**s**or**s′**terminally spans to**s**. - There is a sequence of subjects
**x**_{1}, …,**x**_{n}with**x**_{1}=**x′**,**x**_{n}=**s′**, and**x**_{i}and**x**_{i+1}(1 ≤*i*<*n*) being connected by an edge labeled*t*, an edge labeled*g*, or a bridge.

- There is a vertex

- (
*20 points*) Prove Lemma 3.2.

You can also obtain a PDF version of this. | Version of January 13, 2014 at 6:23PM |