Homework #1 Revision #1

Due: January 24, 2023
Points: 100

Revision 1, January 23, 2023: There is an error in the statements of Problems 2 and 3. Problem 2 should read “Prove Lemma 3.2”, not Lemma 3.1, as Lemma 3.1 is proven in the text. Also, in Problem 4, delete “Lemma 3.1, used in the proof of”; that is from a draft version of the problem. The corrected versions are below.


  1. (24 points) Suppose Alice has r and w rights over the file book. Alice wants to copy r rights to book to Bob.
    1. Assuming there is a copy right c, write a command to do this.
    2. Now assume the system supports a copy flag; for example, the right r with the copy flag would be written as rc. In this case, write a command to do the copy.
    3. In the previous part, what happens if the copy flag is not copied?

  2. (16 points) Prove Lemma 3.2.

  3. (15 points) Someone asks, “Since the Harrison-Ruzzo-Ullman result says that the security question is undecidable, why do we waste our time trying to figure out how secure the Linux operating system is?” Please give an answer justifying the analysis of the security of the Linux system (or any system, for that matter) in light of the HRU result.

  4. (30 points) Theorem 3.1 states: “Suppose two subjects s1 and s2 are created and the rights in A[s1, o1] and A[s2, o2] are tested. The same test for A[s1, o1] and A[s1, o2] = A[s1, o2] ∪ A[s2, o2] will produce the same result.” Justify this statement. Would it be true if one could test for the absence of rights as well as for the presence of rights?

  5. (15 points) In the SPM model, acyclic creates impose constraints on the types of created subjects but not on the types of created objects. Why not?

Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 235B, Foundations of Computer and Information Security
Version of January 7, 2023 at 6:52PM
