Homework #3

Due: February 23, 2023
Points: 100

Questions

  1. (20 points) Prove Theorem 6–1 for the strict integrity policy of Biba’s model.

  2. (20 points) Consider the KeyNote example for the company’s invoicing system. The assertion requires 2 signatures on any invoice under $10,000. If the invoice is under $500, the chief financial officer believes this is unnecessary; one signature should suffice. Write a KeyNote assertion that says only one signature is needed if the amount of the invoice is under $500.

  3. (30 points) Let the Clinical Information Systems Security have the following functions: create_record, delete_record, read_record, append_to_record, add_to_acl, and move_from_record_to_record. Given these, show that the Clinical Information System model's principles implement the Clark-Wilson enforcement and certification rules.

  4. (30 points) Consider the systems Louie and Dewey in Section 9.2.4.
    1. Suppose the sends and receives for the buffers are non-blocking. Is the composition of Hughie, Dewey, and Louie still noninterference-secure? Justify your answer.
    2. Suppose all buffers are unbounded. Is the composition of Hughie, Dewey, and Louie still noninterference-secure? Justify your answer.
UC Davis sigil
Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 235B, Foundations of Computer and Information Security
Version of February 9, 2023 at 2:56PM

 You can also obtain a PDF version of this.

Valid HTML 4.01 Transitional Built with BBEdit Built on a Macintosh