Due: March 4, 2014
- (25 points) Prove Theorem 6–1 for the strict integrity policy of Biba’s model. (text, problem 6.1)
Hint: Use induction on the length of the path.
- (25 points) Suppose a system used the same labels for integrity levels and categories as for subject levels and categories. Under what conditions could one subject read an object? Write to an object? (text, problem 6.3)
- (25 points) In the Clark-Wilson model, must the TPs be executed serially, or can they be executed in parallel? If the former, why; if the latter, what constraints (if any) must be placed on their execution? (text, problem 6.8, modified)
- (25 points) Show that the Clinical Information System Security model’s principles implement each of the Clark-Wilson enforcement and certification rules.
(text, problem 7.3, modified)
Hint: Go through the Clark-Wilson rules one at a time.
- (10 points) Why must sanitized objects be in a single company dataset in their own conflict of interest class, and not in the company dataset corresponding to the institution producing the sanitized object?