**Due**: February 11, 2014

**Points**: 100

- (
*25 points*) Consider the construction in Section 3.5.2 that shows how to simulate three-parent joint creation using two-parent joint creation (this is on pp. 80–83 of the text). In the original paper,*cr*(_{C}*s*,*c*) =*c*/*R*_{3}(that is, the*t*right was omitted) and*link*_{2}(**S**,**A**_{3}) =**A**_{3}/*t*∈*dom*(**S**) (the second part was omitted). Why won’t this work? (*text*, problem 3.9, modified) - (
*25 points*) Prove Theorem 4-1. Show all elements of your proof. (*text*, problem 4.10) - (
*25 points*) Given the security levels TOP SECRET, SECRET, CONFIDENTIAL, and UNCLASSIFIED (ordered from highest to lowest), and the categories A, B, and C, specify what type of access (read, write, or both) is allowed in each of the following situations. Assume that discretionary access controls allow anyone access unless otherwise specified.- Paul, cleared for (TOP SECRET, {A, C}), wants to access a document classified (SECRET, {B, C}).
- Anna, cleared for (CONFIDENTIAL, {C}), wants to access a document classified (CONFIDENTIAL, {B}).
- Jesse, cleared for (SECRET, {C}), wants to access a document classified (CONFIDENTIAL, {C}).
- Sammi, cleared for (TOP SECRET, {A, C}), wants to access a document classified (CONFIDENTIAL, {A}).
- Robin, who has no clearances (and so works at the UNCLASSIFIED level), wants to access a document classified (CONFIDENTIAL, {B}).

- (
*25 points*) Prove that the two properties of the hierarchy function (see Section 5.2.3) allow only trees and single nodes as organizations of objects. (*text*, problem 5.6)

- (
*20 points*) Consider Theorem 5.6. Would the theorem hold if the requirement that*z*_{0}be a secure state were eliminated? Justify your answer.

You can also obtain a PDF version of this. | Version of January 22, 2014 at 9:31PM |