Scribd Logo
Upload

Welcome to Scribd!

  • Homework 2

    Uploaded by

    Pham Duc Long
    103 views2 pages
    Consider a computer system with three users: Alice, Bob, and Cyndy. Alice can read and write the file alicerc, which she owns, but Bob can't read it. Only Cyndy can read the file cyndyrc; only Bob can execute it. Consider the consequences of not applying the principle of attenuation of privilege.

    Original Description:

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Consider a computer system with three users: Alice, Bob, and Cyndy. Alice can read and write the file alicerc, which she owns, but Bob can't read it. Only Cyndy can read the file cyndyrc; only Bob can execute it. Consider the consequences of not applying the principle of attenuation of privilege.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    103 views2 pages

    Homework 2

    Uploaded by

    Pham Duc Long
    Consider a computer system with three users: Alice, Bob, and Cyndy. Alice can read and write the file alicerc, which she owns, but Bob can't read it. Only Cyndy can read the file cyndyrc; only Bob can execute it. Consider the consequences of not applying the principle of attenuation of privilege.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    CSSE442ComputerSecurity Winter20082009

    RoseHulmanInstituteofTechnology ComputerScienceandSoftwareEngineering

    Homework2 Due:19thDecember(Friday),inclass 1. Consideracomputersystemwiththreeusers:Alice,Bob,andCyndy.Aliceownsthefile alicerc,andBobandCyndycanreadit.Cyndycanreadandwritethefilebobrc,whichBob owns,butAlicecanonlyreadit.OnlyCyndycanreadandwritethefilecyndyrc,whichshe owns.Assumethattheownerofeachofthesefilescanexecuteit. a. Createthecorrespondingaccessmatrix. b. CyndygivesAlicepermissiontoreadcyndyrc,andAliceremovesBobsabilityto readalicerc.Showthenewaccesscontrolmatrix. 2. Intheinclassexerciseonday6,weconsideredthesetofrights{read,write,execute, append,list,modify,own}.Usingthesyntaxoftheexampleintheslides(forcreatefile),you wroteacommanddelete_all_rights(p,q,s).Thiscommandcausesptodeleteallrightsthe subjectqhasoveranobjects.Heresanimplementationofthecommand:

    command delete_all_rights(p, q, s) delete r in A[q, s]; delete w in A[q, s]; delete x in A[q, s]; delete a in A[q, s]; delete l in A[q, s]; delete m in A[q, s]; delete o in A[q, s]; end; a. Modifyyourcommandsothatthedeletioncanoccuronlyifphasmodifyrights overs. b. Modifyyourcommandsothatdeletioncanoccuronlyifphasmodifyrightsover sandqdoesnothaveownrightsovers.

    3. Thisexerciseasksyoutoconsidertheconsequencesofnotapplyingtheprincipleof attenuationofprivilegetoacomputersystem. a. Whataretheconsequencesofnotapplyingtheprincipleatall?Inparticular,whatis themaximalsetofrightsthatsubjectswithinthesystemcanacquire(possiblywith thecooperationofothersubjects)? b. Supposeattenuationofprivilegeappliesonlytoaccessrightssuchasreadandwrite, butnottorightssuchasownandgrantrights.Wouldthisamelioratethesituation discussedinpart(a)?Whyorwhynot?

    CSSE442ComputerSecurity Winter20082009

    RoseHulmanInstituteofTechnology ComputerScienceandSoftwareEngineering

    4. InthepapertitledAccessControl:PrinciplesandPractice,byR.S.SandhuandP.Samarati, (seeSandu_Samarati_Access_Control.pdfontheclasswebsiteunderHomework)or http://www.profsandhu.com/journals/commun/i94ac(org).pdftheauthorsdiscusshow accesscontrolmatricesareactuallyimplemented.Answerthefollowingquestionsafter readingthepaper: a. ForthefollowingACM,determine(i)theAccessControllist(ii)thecapabilitylist and(iii)thetableofauthorizationrelations.

    b. Inabout500wordsorless,differentiatebetweendiscretionarypolicies,mandatory policies,androlebasedpolicies.

    You might also like