# Homework #1

Due: January 19, 2022
Points: 100

## Questions

1. (16 points) Consider the following change in the rules associated with each (object, verb) pair in Miller and Baldwin’s model (see Section 2.2.1):

namerules
recipes  write: ‘creative’ in subject.group and ‘chef’ in subject.role
overpass  write: ‘artist’ in subject.role and ‘creative’ in subject.group
.shellrct  write: ‘hack’ in subject.group and (time.hour < 4 or time.hour > 20) and time.hour >
oven.dev  temp_ctl: ‘kitchen’ in subject.program and ‘chef’ in subject.role

How does this change the access control matrices shown at the end of that section?

2. (24 points) Consider the set of rights { r, w, n }.
1. Using the syntax in Section 2.3, write a command delete_all_rights(p, q, o). This command causes p to delete all rights the subject q has over an object o.
2. Modify your command so that the deletion can occur only if p has w rights over o.
3. Modify your command so that the deletion can occur only if p has r rights over o and q does not have n rights over o.

3. (30 points) Theorem 3.1, used in the proof of Theorem 3.1, states: “Suppose two subjects s1 and s2 are created and the rights in A[s1, o1] and A[s2, o2] are tested. The same test for A[s1, o1] and A[s1, o2] = A[s1, o2] ∪ A[s2, o2] will produce the same result.” Justify this statement. Would it be true if one could test for the absence of rights as well as for the presence of rights?

4. (20 points) Prove or disprove: The claim of Lemma 3.1 holds when x is an object.

5. (10 points) In the SPM model, acyclic creates impose constraints on the types of created subjects but not on the types of created objects. Why not?

 Matt Bishop Office: 2209 Watershed Sciences Phone: +1 (530) 752-8060 Email: mabishop@ucdavis.edu
ECS 235A, Computer and Information Security
Version of January 2, 2022 at 11:25PM