Homework #5
CMPS 122, Winter 2005
Assigned: March 1st
Due: Thursday, March 10th at noon
Please read the homework guidelines for information about how to work on the assignment and how to submit it.
- Assume there is a user whose clearance level is <secret; {hal9000, deepthought, wopr}>. Which of the following documents could the user access, assuming the military security model?
  - <top secret; {wopr}>
  - <secret; {wopr}>
  - <secret; {wopr, colossus}>
  - <secret; {wopr, skynet}>
  - <confidential; {deepthought, hal9000}>
  - <confidential; {skynet, deepthought}>
  - <confidential; {wopr}>
- Label integrity is a technique that ensures that the (security) label on each object is changed only by the trusted computing base, and not by random procedures. Suggest a mechanism to implement label integrity for a data file. Suggest a mechanism to implement label integrity for a callable procedure. Your mechanisms should be as simple as possible, but no simpler.
- Why is it necessary for the trusted computing base to label objects? Why can't it just maintain an access control table with entries for each object and each subject?
- The Unix operating system structures files using a tree. Each file is at a leaf of the tree, with the file identified by the (unique) path from the root to the leaf. Each interior node is a directory that specifies part of the pathname. Assume a user can block access through a node by restricting access to the subdirectory. How could you use this structure to implement a discretionary access policy? Assume that this structure is used for access control only; naming would be done using a separate file system hierarchy.
- How could you modify this page (NOTE: available only from within the ucsc.edu domain) which is designed for anonymous comments, to send an anonymous email to any user at any domain? Demonstrate this by sending an anonymous email containing your name and email address to cmps122-staff at ethanmiller.com. Also, turn in the modified HTML page (at least the part you changed) with the rest of your homework. How could you fix the script so that the page couldn't be used to send email to randomly chosen email addresses?
Note: some questions adapted from Pfleeger & Pfleeger, Chapter 5.
Last updated 1 Mar 2005 by Ethan L. Miller (elm at ucsc d0t edu)