Homework #3

Due: February 18, 2022
Points: 100


  1. (15 points) In the Clark-Wilson model, must the TPs be executed serially, or can they be executed in parallel? If the former, why; if the latter, what constraints must be placed on their execution?

  2. (15 points) Consider the KeyNote example for the company’s invoicing system. The assertion requires 2 signatures on any invoice under 10,000. If the invoice is under 500, the chief financial officer believes this is unnecessary; one signature should suffice. Write a KeyNote assertion that says only one signature is needed if the amount of the invoice is under $500.

  3. (30 points) Show that the Clinical Information System Security model’s principles implement each of the Clark-Wilson enforcement and certification rules.
    Hint: Go through the Clark-Wilson rules one at a time.

  4. (25 points) Devise an algorithm that generates an access control matrix A for any given history matrix H of the Chinese Wall model.

  5. (15 points) The system plugh has users Skyler, Matt, and David. Skyler cannot access David’s files, and neither Skyler nor David can access Matt’s files. The system xyzzy has users Holly, Sage, and Heidi. Sage cannot access either Holly’s or Heidi’s files. The composition policy says that Matt and Holly can access one another’s files, and Skyler can access Sage’s files. Apply the Principles of Autonomy and Security to determine who can read whose files in the composition of xyzzy and plugh.

UC Davis sigil
Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 235B, Foundations of Computer and Information Security
Version of February 8, 2022 at 10:53AM

You can also obtain a PDF version of this.

Valid HTML 4.01 Transitional Built with BBEdit Built on a Macintosh