Homework #1 Revision 1

This corrects a typo in problem 3; “in the proof of Theorem 3.1” should be “in the proof of the HRU result”.

Due: January 22, 2021
Points: 100


  1. (21 points) A network in the College of Engineering is set up so that individual hosts (really, virtual machines) can run HTTP (web) servers that are available to the outside. (Here, available means the ability to read and write data.) The hosts can also run email (SMTP) servers available to other hosts on the CoE network, but these are not available to the outside. Instead, all outside mail is routed to a machine named “smtphost”, which forwards it to the internal host, and all internal mail addressed to external hosts is routed to “smtphost”, which forwards it to the destination. There are no other servers available to the outside on “smtphost”.
    1. Please model this using an access control matrix. Use three hosts, “smtphost”, “innie” for a host on the CoE network, and “outie” for an outside host. Don’t forget to include the HTTP servers!
    2. Write a command that allows “innie” to exchange email directly with “outie”, bypassing “smtphost” entirely.
    3. Now consider a second host called “reallyinnie” on the CoE network. This host has just been added to the network and has no rights initially. Write a command that gives it the ability to send email to “outie” if, and only if, “innie” can send mail directly to “outie”.

  2. (21 points) Suppose Alice has r and w rights over the file book. Alice wants to copy r rights to book to Bob.
    1. Assuming there is a copy right c, write a command to do this.
    2. Now assume the system supports a copy flag; for example, the right r with the copy flag would be written as rc. In this case, write a command to do the copy.
    3. In the previous part, what happens if the copy flag is not copied?

  3. (29 points) Theorem 3.1, used in the proof of the HRU result, states: “Suppose two subjects s1 and s2 are created and the rights in A[s1, o1] and A[s2, o2] are tested. The same test for A[s1, o1] and A[s1, o2] = A[s1, o2] ∪ A[s2, o2] will produce the same result.” Justify this statement. Would it be true if one could test for the absence of rights as well as for the presence of rights?

  4. (29 points) Prove or give a counterexample:
    The predicate canshare(α, x, y, G0) is true if and only if there is an edge from x to y in G0 labeled α, or if the following hold simultaneously.
    1. There is a vertex with an s-to-y edge labeled α.
    2. There is a subject vertex x′ such that x′ = x or x′ initially spans to x.
    3. There is a subject vertex s′ such that s′ = s or s′ terminally spans to s.
    4. There is a sequence of subjects x1, …, xn with x1 = x′, xn = s′, and xi and xi+1 (1 ≤ i < n) being connected by an edge labeled t, an edge labeled g, or a bridge.

Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 235B, Foundations of Computer and Information Security
Version of January 7, 2021 at 5:15PM
