Homework #3

Due: February 21, 2024
Points: 100

Questions

  1. (20 points) Consider the KeyNote example for the company’s invoicing system. The assertion requires 2 signatures on any invoice under $10,000. If the invoice is under $500, the chief financial officer believes this is unnecessary; one signature should suffice. Write a KeyNote assertion that says only one signature is needed if the amount of the invoice is under $500. For your assertion, the evaluator is to return _MAX_TRUST.

  2. (30 points) Devise an algorithm that generates an access control matrix A for any given history matrix H of the Chinese Wall model.

  3. (30 points) Consider countermeasures for the SYN flood attack that are present on intermediate systems and are designed to allow only legitimate handshakes reach the destination system (see Section 7.4.2). Is the focus of this type of countermeasure the waiting time policy, the user agreements, or both? Why?

  4. (20 points) The system plugh has users Skyler, Matt, and David. Skyler cannot access David’s files, and neither Skyler nor David can access Matt’s files. The system xyzzy has users Holly, Sage, and Heidi. Sage cannot access either Holly’s or Heidi’s files. The composition policy says that Matt and Holly can access one another’s files, and Skyler can access Sage’s files.
    1. Apply the Principle of Autonomy to determine who can read whose files in the composition of xyzzy and plugh.
    2. Apply the Principle of Security to determine who can read whose files in the composition of xyzzy and plugh.
UC Davis sigil
Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 235B, Foundations of Computer and Information Security
Version of February 8, 2024 at 11:26PM

 You can also obtain a PDF version of this.

Valid HTML 4.01 Transitional Built with BBEdit Built on a Macintosh