


Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Material Type: Assignment; Professor: Hinrichs; Class: Computer Security I; Subject: Computer Science; University: University of Illinois - Urbana-Champaign; Term: Fall 2008;
Typology: Assignments
1 / 4
This page cannot be seen from the preview
Don't miss anything!



Due October 24, 2008.
e. Create a view called test_filter that displays columns a and b from table test, but only for rows in which a > 2. Grant read (select) and write access (insert, update, and delete) on this view to users shinrich and leolson1. create view test_filter as select * from test where a>2; grant select,insert,update,delete on test_filter to shinrich,leolson1; f. In what way is granting write access on test_filter as in step e misleading? It is misleading because users can insert values into test_filter that do not satisfy a>2, or can update existing rows such that they do not satisfy a>2. A careless database administrator might assume that the test_filter view would prevent such operations. i. Do an internet search on the SQL clause with check option , or refer to the MySQL manual at http://dev.mysql.com/doc/refman/5.0/en/create-view.html, and describe how you would change the test_filter view definition to fix this problem. alter view test_filter as select * from test where a>2 with check option; ii. Describe a scenario in which omitting the with check option would be an appropriate policy. Many possible answers here. One example scenario is a to-do list, where only items marked as unfinished appear in the view. The user can set them as finished, which would remove the items from the view while correctly changing the underlying table. For another example, sales representatives may partition customers geographically. When a customer moves, the sales representative can update the address even if it moves the customer out of his geographic area (and adding the customer to another representative's area).
Subject Object Access? Alice Vole Read Bob Yak Read Ellen Zebra Append Dave Vole Nothing In class we only discussed the simple form of labels for Biba, but we mentioned the model could be extended to use the level and category labels as used in Bell-LaPadula. Now interpret the labels as integrity labels in the strict Biba model. Fill the access column with the access that strict Biba would give each subject to the corresponding object: read, append (or pure write). Subject Object Access? Alice Zebra Read and Append Bob Vole Append Ellen Yak Nothing Dave Unicorn Append