Homework #1

Due: April 10, 2026
Points: 100


  1. (15 points) Is it possible to design and implement a system in which no assumptions about trust are made? Why or why not?

  2. (20 points) Suppose Alice has r and w rights over the file book. Alice wants to copy r rights to book to Bob.
    1. Assuming there is a copy right c, write a command to do this.
    2. Now assume the system supports a copy flag; for example, the right r with the copy flag would be written as rc. In this case, write a command to do the copy.
    3. In the previous part, what happens if the copy flag is not copied?

  3. (15 points) A reference monitor requires three properties: that it be simple, that it be complete (always invoked), and that it be tamperproof. Explain why these three properties are necessary.

  4. (25 points) The proof of Theorem 3.1 states the following: Suppose two subjects s1 and s2 are created and the rights in A[s1, o1] and A[s2, o2] are tested. The same test for A[s1, o1] and A[s1, o2] = A[s1, o2] ∪ A[s2, o2] will produce the same result. Justify this statement. Would it be true if one could test for the absence of rights as well as for the presence of rights?

  5. (25 points) Reverse the edge between d and e in Figure 3-4(a) so there is an edge labeled g from d to e. Is canshare(r, x, z, G0) still true? If so, please show a witness; if not, please prove it does not hold.

Extra Credit

Remember that extra credit scores are not added to your homework score. They are recorded separately and used to determine whether to boost your grade if the score is on a borderline.

  1. (25 points) The Take-Grant Protection Model provides two rights, take and grant, that enable the transfer of other rights. SPM’s demand right, in many ways analogous to take, was shown to be unnecessary. Could take similarly be dropped from the Take-Grant Protection Model?


Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 235B, Foundations of Computer and Information Security
Version of March 24, 2026 at 1:58PM
