Homework #5

CMPS 122, Spring 2004

Assigned: May 24th
Due: Wednesday, June 2nd at 11:59 PM

Please read the homework guidelines for information about how to work on the assignment and how to submit it.

  1. One additional property of the Bell-LaPadula model discussed in class is the tranquility principle, which states that the classification of a subject or object does not change while it's being referenced. Why is this principle necessary? What might happen in a system where this principle didn't hold true?
  2. Assume there is a user whose clearance level is <secret; {hal9000, deepthought, wopr}>. Which of the following documents could the user access, assuming the military security model?
    1. <top secret; {wopr}>
    2. <secret; {wopr}>
    3. <secret; {wopr, colossus}>
    4. <secret; {wopr, skynet}>
    5. <confidential; {deepthought, hal9000}>
    6. <confidential; {skynet, deepthought}>
    7. <confidential; {wopr}>
  3. Label integrity is a technique that ensures that the (security) label on each object is changed only by the trusted computing base, and not by random procedures. Suggest a mechanism to implement label integrity for a data file. Suggest a mechanism to implement label integrity for a callable procedure. Your mechanisms should be as simple as possible, but no simpler.
  4. Why is it necessary for the trusted computing base to label objects? Why can't it just maintain an access control table with entries for each object and each subject?
  5. The Unix operating system structures files using a tree. Each file is at a leaf of the tree, with the file identified by the (unique) path from the root to the leaf. Each interior node is a directory that specifies part of the pathname. Assume a user can block access through a node by restricting access to the subdirectory. How could you use this structure to implement a discretionary access policy? Assume that this structure is used for access control only; naming would be done using a separate file system hierarchy.

Note: some questions adapted from Pfleeger & Pfleeger, Chapter 5.


Last updated 24 May 2004 by Ethan L. Miller (elm at ucsc d0t edu)