# Homework 3

Due Date: May 3, 2001
Points: 100

1. (20 points; text, exercise 5.2) Given the security levels TOPSECRET, SECRET, CONFIDENTIAL, and UNCLASSIFIED (ordered from highest to lowest), and the categories A, B, and C, say what type of access (read, write, or both) is allowed in the following situations. Assume discretionary access controls allow anyone access unless otherwise specified.
   1. Paul, cleared for (TOPSECRET, { A, C }), wants to access a document classified (SECRET, { B, C }).
   2. Anna, cleared for (CONFIDENTIAL, { C }), wants to access a document classified (CONFIDENTIAL, { B }).
   3. Jesse, cleared for (SECRET, { C }), wants to access a document classified (CONFIDENTIAL, { C }).
   4. Sammi, cleared for (TOPSECRET, { A, C }), wants to access a document classified (CONFIDENTIAL, { A }).
   5. Robin, who has no clearances (and so works at the UNCLASSIFIED level), wants to access a document classified (CONFIDENTIAL, { B }).
2. (20 points; text, exercise 6.5) Explain why the system controllers in Lipner's model need clearances of (SL, { D, PC, PD, SD, T }).
3. (20 points; text, exercise 7.4) Consider using mandatory access controls and compartments to implement an ORCON control. Assume there are k different organizations. Organization i will produce n(i,j) documents to be shared with organization j.
   1. How many compartments are needed to allow any organization to share a document with any other organization?
   2. Now assume that organization i will need to share nm(i, i1, ..., im) documents with organizations i1, ..., im. How many compartments will be needed?
4. (20 points; text, exercise 9.11) Please prove the following:
   1. If p is a prime, PHI(p) = p-1.
   2. If p and q are both prime, PHI(pq) = (p-1)(q-1).
5. (20 points; text, exercise 11.6) Needham and Schroeder suggest the following variant of their protocol:
   1. Alice -> Bob : Alice
   2. Bob -> Alice : { Alice, rand3 } kBob
   3. Alice -> Cathy : { Alice, Bob, rand1, { Alice, rand3 } kBob }
   4. Cathy -> Alice : { Alice, Bob, rand1, ksession, { Alice, rand3, ksession } kBob } kAlice
   5. Alice -> Bob : { Alice, rand3, ksession } kBob
   6. Bob -> Alice : { rand2 } ksession
   7. Alice -> Bob : { rand2-1 } ksession

   Show that this protocol solves the problem of replay due to stolen session keys.

Matt Bishop
Office: 3059 Engineering Unit II
Phone: +1 (530) 752-8060
Fax: +1 (530) 752-4767
Email: bishop@cs.ucdavis.edu

Copyright Matt Bishop, 2001. All federal and state copyrights reserved for all original material presented in this course through any medium, including lecture or print.