Homework #2

Due: April 28, 2025
Points: 100

Questions

  1. (20 points) Consider the construction of the three-parent joint creation operation from the two-parent joint creation operation shown in Section 3.5.2. One paper had crC(s, c) = c/R3 and link2(S, A3) = A3/tdom(S). Why is this not sufficient to derive the three-parent joint creation operation from the two-parent joint creation operation?

  2. (18 points) Given the security levels L4, L3, L2, L1, and L0 (ordered from highest to lowest), and the categories C1, C2, and C3, specify what type of access (read, write, both, or neither) under the Bell-LaPadula model is allowed in each of the following situations. Assume that discretionary access controls allow anyone access unless otherwise specified.
    1. Tom, cleared for (L4, {C2, C3}), wants to access a document classified (L3, {C2}}.
    2. Annie, cleared for (L2, {C1}), wants to access a document classified (L2, {C2}).
    3. Katie, cleared for (L0, {C3}), wants to access a document classified (L4, {C1, C3}).
    4. Paul, cleared for (L3, {C1, C2}, wants to access a document classified (L3, {C1, C2}).
    5. Judy, cleared for (L4, {C1, C2, C3}), wants to access a document classified (L3, {C1, C2}).
    6. Sylvester, cleared for (L0, ∅) wants to access a document classified (L4, {C3}).

  3. (18 points) Repeat the above question, but under the Biba Strict Integrity Policy model rathe than the Bell-LaPadula model.

  4. (20 points) Prove Theorem 6.1 for the strict integrity policy of Biba’s model.

  5. (14 points) In the Clark-Wilson model, must the TPs be executed serially, or can they be executed in parallel? If the former, why; if the latter, what constraints must be placed on their execution?

  6. (10 points) In the Brewer-Nash (Chinese Wall) model, why must sanitized objects be in a single company dataset in their own conflict of interest class, and not in the company dataset corresponding to the institution producing the sanitized object?
UC Davis sigil
Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 235B, Foundations of Computer and Information Security
Version of April 15, 2025 at 10:40PM

 You can also obtain a PDF version of this.

Valid HTML 4.01 Transitional Built with BBEdit Built on a Macintosh