Homework 2 Due Date: April 19, 2001 Points: 100 1. (20 points; text, exercise 1.3) The aphorism "security through obscurity" says that hiding information provides some level of security. Please give an example of a situation in which hiding information does not add apprecia- bly to the security of a system. Give an example when it does. 2. (20 points; text, exercise 2.5) Let c be a copy flag and let a computer system have the set of rights { r, w, x, a, l, m, o }. a. Using the syntax in class (and in section 2.3 of the text), write a command copy_all_rights(p, q, s) that cop- ies all rights that p has over s to q. b. Modify your command so only those rights with an associated copy flag are copied. The new copy should not have the copy flag. 3. (40 points; text, exercise 3.1) Prove or give a counterexample: The predicate canshare(a, x, y, G0) is true if and only if there is an edge from x to y in G0 labelled a, or if the following hold simultaneously: a. there is a vertex with an s-to-y edge labelled a; b. there is a subject vertex x´ such that x´ = x or x´ initially spans to x; c. there is a subject vertex s´ such that s´ = s or s´ terminally spans to s; and d. there is a sequence of subjects x´ = x1, -, xn = s´ with xi and xi+1 (1 i < n) being connected by an edge labelled t, an edge labelled g, or a bridge. 4. (20 points; text, exercise 4.5) Classify each of the following as examples of mandatory, discretionary, or origina- tor controlled policies, or a combination. Please justify your answers. a. The file access control mechanisms of the UNIX operating system. b. A system in which no memorandum can be distributed without the author's consent. c. A facility in which only generals can enter a particular room. d. A university's registrar office, in which faculty can see grades of a particular student provided that student has given written permission.