Homework 4

Due: March 8, 2019
Points: 100

1. (30 points) Revisit the example for x := y + z in Section 17.1.1. Assume that x does not exist in state s. Confirm that information flows from y and z to x by computing H(y_s | x_t), H(y_s), H(z_s | x_t), and H(z_s) and showing that H(y_s | x_t) < H(y_s) and H(z_s | x_t) < H(z_s).
2. (20 points) Let L = (S_L, ≤_L) be a lattice. Prove that the structure IL = (S_IL, ≤_IL) is a lattice, where:
   1. S_IL = { [a, b] | a, b ∈ S ∧ a ≤_L b }
   2. ≤_IL = { ([a₁, b₁], [a₂, b₂]) | a₁ ≤_L a₂ ∧ b₁ ≤_L b₂ }
   3. lub_IL([a₁, b₁], [a₂, b₂]) = (lub_L(a₁, a₂), lub_L(b₁, b₂))
   4. glb_IL([a₁, b₁], [a₂, b₂]) = (glb_L(a₁, a₂), glb_L(b₁, b₂))
3. (20 points) Consider the rule of transitive confinement. Suppose a process needs to execute a subprocess in such a way that the child can access exactly two files, one only for reading and one only for writing.
   1. Could capabilities be used to implement this? If so, how?
   2. Could access control lists be used to implement this? If so, how?
4. (30 points) Consider the systems Louie and Dewey in Section 9.2.4.
   1. Suppose the sends and receives for the buffers are non-blocking. Is the composition of Hughie, Dewey, and Louie still noninterference-secure? Justify your answer.
   2. Suppose all buffers are unbounded. Is the composition of Hughie, Dewey, and Louie still noninterference-secure? Justify your answer.

Matt Bishop Office: 2209 Watershed Science Phone: +1 (530) 752-8060 Email: mabishop@ucdavis.edu

You can also obtain a PDF version of this. Version of February 23, 2019 at 11:58PM