Homework 3
Due Date: May 3, 2001
Points: 100
1. (20 points; text, exercise 5.2) Given the security levels TOPSECRET, SECRET, CONFIDENTIAL, and
UNCLASSIFIED (ordered from highest to lowest), and the categories A, B, and C, say what type of access (read,
write, or both) is allowed in the following situations. Assume discretionary access controls allow anyone access
unless otherwise specified.
a. Paul, cleared for (TOPSECRET, { A, C }), wants to access a document classified (SECRET, { B, C }).
b. Anna, cleared for (CONFIDENTIAL, { C }), wants to access a document classified (CONFIDENTIAL, { B }).
c. Jesse, cleared for (SECRET, { C }), wants to access a document classified (CONFIDENTIAL, { C }).
d. Sammi, cleared for (TOPSECRET, { A, C }), wants to access a document classified (CONFIDENTIAL, { A }).
e. Robin, who has no clearances (and so works at the UNCLASSIFIED level), wants to access a document
classified (CONFIDENTIAL, { B }).
2. (20 points; text, exercise 6.5) Explain why the system controllers in Lipner's model need clearances of (SL, { D,
PC, PD, SD, T }).
3. (20 points; text, exercise 7.4) Consider using mandatory access controls and compartments to implement an
ORCON control. Assume there are k different organizations. Organization i will produce n(i,j) documents to be
shared with organization j.
a. How many compartments are needed to allow any organization to share a document with any other organization?
b. Now assume that organization i will need to share n_m(i, i_1, ..., i_m) documents with organizations i_1, ..., i_m.
How many compartments will be needed?
4. (20 points; text, exercise 9.11) Please prove the following:
a. If p is a prime, φ(p) = p - 1.
b. If p and q are both prime, φ(pq) = (p - 1)(q - 1).
5. (20 points; text, exercise 11.6) Needham and Schroeder suggest the following variant of their protocol:
a. Alice → Bob : Alice
b. Bob → Alice : { Alice, rand3 } kBob
c. Alice → Cathy : { Alice, Bob, rand1, { Alice, rand3 } kBob }
d. Cathy → Alice : { Alice, Bob, rand1, ksession, { Alice, rand3, ksession } kBob } kAlice
e. Alice → Bob : { Alice, rand3, ksession } kBob
f. Bob → Alice : { rand2 } ksession
g. Alice → Bob : { rand2 - 1 } ksession
Show that this protocol solves the problem of replay due to stolen session keys.
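
A symbolic run of steps a to e above, as an added example that is not part of the original assignment. Encryption is modelled as a tagged tuple rather than a real cipher, and the names `enc`, `dec`, `Bob.pending`, `cathy_step_d`, `run_session` and `replay_rejected` are assumptions. It also assumes Bob remembers each rand3 he issued and accepts it only once; steps f and g are left out.

```python
import secrets

def enc(key, *fields):  # symbolic box (assumption): only dec() with the same key opens it
    return ("enc", key, fields)

def dec(key, box):
    if box[:2] != ("enc", key):
        raise ValueError("wrong key")
    return box[2]

class Bob:
    def __init__(self, k_bob):
        self.k_bob = k_bob
        self.pending = set()  # (name, rand3) pairs issued in step b, not yet used
    def step_b(self, name):  # b. Bob -> Alice : { Alice, rand3 } kBob
        rand3 = secrets.token_hex(8)
        self.pending.add((name, rand3))
        return enc(self.k_bob, name, rand3)
    def step_e(self, box):  # e. Alice -> Bob : { Alice, rand3, ksession } kBob
        name, rand3, k_session = dec(self.k_bob, box)
        if (name, rand3) not in self.pending:
            raise ValueError("unknown or already used rand3")
        self.pending.remove((name, rand3))
        return k_session

def cathy_step_d(keys, alice, bob, rand1, inner):
    # d. Cathy -> Alice : { Alice, Bob, rand1, ksession, { Alice, rand3, ksession } kBob } kAlice
    _, rand3 = dec(keys[bob], inner)
    k_session = secrets.token_hex(16)
    ticket = enc(keys[bob], alice, rand3, k_session)
    return enc(keys[alice], alice, bob, rand1, k_session, ticket)

def run_session(keys, bob):  # steps a-e; returns (step-e message, key Bob accepted)
    inner = bob.step_b("Alice")
    rand1 = secrets.token_hex(8)
    reply = cathy_step_d(keys, "Alice", "Bob", rand1, inner)
    _, _, echoed, _, ticket = dec(keys["Alice"], reply)
    if echoed != rand1:
        raise ValueError("rand1 mismatch")
    return ticket, bob.step_e(ticket)

def replay_rejected(keys, bob):  # re-send a recorded step-e message in a later run
    old, _ = run_session(keys, bob)
    bob.step_b("Alice")  # later run: Bob issues a fresh rand3
    try:
        bob.step_e(old)
    except ValueError:
        return True
    return False
```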