Homework 3

Due Date: May 3, 2001

Points: 100



1.	(20 points; text, exercise 5.2) Given the security levels TOPSECRET, SECRET, CONFIDENTIAL, and 
UNCLASSIFIED (ordered from highest to lowest), and the categories A, B, and C, say what type of access (read, 
write, or both) is allowed in the following situations. Assume discretionary access controls allow anyone access 
unless otherwise specified.

a.	Paul, cleared for (TOPSECRET, { A, C }), wants to access a document classified (SECRET, { B, C }).

b.	Anna, cleared for (CONFIDENTIAL, { C }), wants to access a document classified (CONFIDENTIAL, { B 
}).

c.	Jesse, cleared for (SECRET, { C }), wants to access a document classified (CONFIDENTIAL, { C }).

d.	Sammi, cleared for (TOPSECRET, { A, C }), wants to access a document classified (CONFIDENTIAL, { A 
}).

e.	Robin, who has no clearances (and so works at the UNCLASSIFIED level), wants to access a document 
classified (CONFIDENTIAL, { B }).

2.	(20 points; text, exercise 6.5) Explain why the system controllers in Lipner's model need clearances of (SL, { D, 
PC, PD, SD, T }).

3.	(20 points; text, exercise 7.4) Consider using mandatory access controls and compartments to implement an 
ORCON control. Assume there are k different organizations. Organization i will produce n(i,j) documents to be 
shared with organization j.

a.	How many compartments are needed to allow any organization to share a document with any other organiza-
tion?

b.	Now assume that organization i will need to share nm(i, i1, ?, im) documents with organizations i1, ?, im. 
How many compartments will be needed?

4.	(20 points; text, exercise 9.11) Please prove the following:

a.	If p is a prime, f(p) = p-1.

b.	If p and q are both prime, f(pq) = (p-1)(q-1).

5.	(20 points; text, exercise 11.6) Needham and Schroeder suggest the following variant of their protocol:

a.	Alice ? Bob : Alice

b.	Bob ? Alice : { Alice, rand3 } kBob

c.	Alice ? Cathy : { Alice, Bob, rand1, { Alice, rand3 } kBob }

d.	Cathy ? Alice : { Alice, Bob, rand1, ksession, {Alice, rand3, ksession} kBob } kAlice

e.	Alice ? Bob : { Alice, rand3, ksession } kBob

f.	Bob ? Alice : { rand2 } ksession

g.	Alice ? Bob : { rand2-1 }ksession

	Show that this protocol solves the problem of replay due to stolen session keys.