Homework #3

Due: May 19, 2017
Points: 100


  1. (30 points) Devise an algorithm that generates an access control matrix A for any given history matrix H of the Chinese Wall model.

  2. (20 points) Let L = (SL, ≤L) be a lattice. Define:
    1. SIL = { [a, b] | a, bSLaL b }
    2. IL = { ([a1, b1], [a2, b2]) | a1L a2b1L b2 }
    3. lubIL([a1, b1], [a2, b2]) = (lubL(a1, a2), lubL(b1, b2))
    4. glbIL([a1, b1], [a2, b2]) = (glbL(a1, a2), glbL(b1, b2))
    Prove that the structure IL = (SIL, ≤IL is a lattice.

  3. (15 points) Extend the semantics of the information flow security mechanism in Section 17.3.1 for records (structures).

  4. (15 points) In the flow certification requirement for the goto statement in Section, the set of blocks along an execution path from bi to IFD(bi) excludes these endpoints. Why are they excluded?

  5. (20 points) Section 17.6.1 says that enabling advertising libraries and the apps that invoke them execute in the same environment, with the same privileges, violates the Principle of Least Privilege (see Definition 14.2.1).
    1. Explain why. How might the principle be enforced?
    2. On the web, the protocol, host, and port in a URL define an “‘origin”. The same origin policy allows scripts in a web page to access data in a second web page only if they have the same origin. Older versions of the Android’s WebView component treated every object with the protocol file:// (that is, the URL begins with that string) as though it had the same origin, violating the same origin policy. So any JavaScript embedded in HTML in a local file can, if loaded into WebView, access resources with the same permissions as the app. Why is this dangerous?

You can also obtain a PDF version of this. Version of May 5, 2017 at 12:23AM