# Homework #2

Due: February 5, 2021
Points: 100

## Questions

1. (20 points) A Bell-LaPadula security policy has the security levels TOP SECRET, SECRET, CONFIDENTIAL, and UNCLASSIFIED (ordered from highest to lowest), and the categories A, B, and C. Specify what type of access (read, write, both, or neither) is allowed in each of the following situations. Justify your answers.
1. Paul, cleared for (SECRET, { A }), wants to access a document classified (SECRET, { B, C }), and the discretionary access permission for Paul is set to allow him to read the document.
2. Anna, cleared for (CONFIDENTIAL, { C }), wants to access a document classified (SECRET, { B, C }) and the discretionary access permissions for Anna are set to allow her to read and write the document.
3. Jesse, cleared for (SECRET, { A, C }), wants to access a document classified (CONFIDENTIAL, { C }) and the discretionary access permissions for Jesse are set to allow him to read the document.
4. Sammi, cleared for (TOPSECRET, { A }), wants to access a document classified (CONFIDENTIAL, { A }), and the discretionary access permissions for Sammi are set to disallow her to read and write the document.
5. Robin, who has no clearances (and so works at the UNCLASSIFIED level), wants to access a document classified (CONFIDENTIAL, { B }) and the discretionary access permissions for Robin are set to allow her to read the document.

2. (15 points) What does Trusted Solaris placing system executables at ADMIN_LOW prevent? Why is this important?

3. (30 points) Prove Theorem 5.5, which says: Σ(R, D, W, z0) satisfies the ds-property for any secure state z0 if and only if, for every action (r, d, (b, m, f, h), (b′, m′, f′, h′)), W satisfies the following:
1. Every (s, o, p) ∈ bb′ satisfies the ds-property.
2. Every (s, o, p) ∈ b′ that does not satisfy the ds-property is not in b.

4. (15 points) Redo problem 1, but assuming a Biba-based integrity policy, the same category sets, and the integrity levels HIGH, MIDDLE, LOW, and NONE replacing security levels TOP SECRET, SECRET, CONFIDENTIAL, and UNCLASSIFIED, respectively, in that problem. Note that the integrity levels HIGH, MIDDLE, LOW, and NONE are ordered from highest to lowest.

5. (20 points) In the Clark-Wilson model, prove that applying a sequence of transformation procedures to a system in a valid state results in the system being in a (possibly different) valid state.

 Matt Bishop Office: 2209 Watershed Sciences Phone: +1 (530) 752-8060 Email: mabishop@ucdavis.edu
ECS 235B, Foundations of Computer and Information Security
Version of January 24, 2021 at 12:39PM

You can also obtain a PDF version of this.