# Homework #2

Due: February 4, 2022
Points: 100

## Questions

1. (20 points) Consider the construction of the three-parent joint creation operation from the two-parent joint creation operation shown in Section 3.5.2. One paper had crC(s, c) = c/R3 and link2(S, A3) = A3/t ∈ dom(S). Why is this not sufficient to derive the three-parent joint creation operation from the two-parent joint creation operation?

2. (18 points) Given the security levels L4, L3, L2, L1, and L0 (ordered from highest to lowest), and the categories C1, C2, and C3, specify what type of access (read, write, both, or neither) is allowed in each of the following situations. Assume that discretionary access controls allow anyone access unless otherwise specified.
   1. Tom, cleared for (L4, {C2, C3}), wants to access a document classified (L3, {C2}).
   2. Annie, cleared for (L2, {C1}), wants to access a document classified (L2, {C2}).
   3. Katie, cleared for (L0, {C3}), wants to access a document classified (L4, {C1, C3}).
   4. Paul, cleared for (L3, {C1, C2}), wants to access a document classified (L3, {C1, C2}).
   5. Judy, cleared for (L4, {C1, C2, C3}), wants to access a document classified (L3, {C1, C2}).
   6. Sylvester, cleared for (L4, ∅), wants to access a document classified (L4, {C1}).

3. (25 points) Prove that the two properties of the hierarchy function (see Section 5.2.3) allow only trees and single nodes as organizations of objects.

4. (17 points) Requirements are often difficult to derive, especially when the environment in which the system will function, and the specific tasks it will perform, are unknown. Explain the problems that this causes during development of assurance.

5. (20 points) Prove Theorem 6.1 for the strict integrity policy of Biba’s model.

Matt Bishop, Office: 2209 Watershed Sciences, Phone: +1 (530) 752-8060, Email: mabishop@ucdavis.edu
ECS 235B, Foundations of Computer and Information Security
Version of January 19, 2022 at 9:56AM