NETWORK AND COMPUTER SECURITY ASSIGNMENT, Exercises of Network security

NETWORK AND COMPUTER SECURITY ASSIGNMENT

Typology: Exercises

2017/2018

Uploaded on 10/21/2018

angelos-michail
angelos-michail 🇬🇷

1 document

1 / 4

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
SPRING 2017 - IT6280
NETWORK AND COMPUTER SECURITY ASSIGNMENT
ANGELOS MICHAIL
Question 1
Suppose we implement a Bell-LaPadula model with three security levels – H(igh),
M(edium) and L(ow), and two categories A and B. Let
λ(s) = (M, {A})
λ(o1) = (L, {A,B})
λ(o2) = (L, )
λ(o3) = (M, {A,B})
λ(o4) = (M, {A})
λ(o5) = (H, )
λ(o6) = (H, {A})
and let the access control matrix be
M o1o2o3o4o5o6
s {r} {a} {r,w} {r, w, a} {r, w, a} {r, w, a}
Complete the following table, where each entry should contain a tick or across
depending on whether s would be given access to the object. (You may assume
that V = throughout.)
o1o2o3o4o5o6
r
a
w
Question 2
Comment on the suitability of the following approach to access control.
Every le is password protected
Whenever a user tries to access a le she is prompted to enter a password
If she enters the correct password
Access is granted
Else
Access is denied
Your answer should consider the following factors
Ease of implementation and use
pf3
pf4

Partial preview of the text

Download NETWORK AND COMPUTER SECURITY ASSIGNMENT and more Exercises Network security in PDF only on Docsity!

SPRING 2017 - IT

NETWORK AND COMPUTER SECURITY ASSIGNMENT

ANGELOS MICHAIL

Question 1

Suppose we implement a Bell-LaPadula model with three security levels – H(igh), M(edium) and L(ow), and two categories A and B. Let

λ(s) = (M, {A})

λ(o 1 ) = (L, {A,B})

λ(o 2 ) = (L, ∅)

λ(o 3 ) = (M, {A,B})

λ(o 4 ) = (M, {A})

λ(o 5 ) = (H, ∅)

λ(o 6 ) = (H, {A})

and let the access control matrix be

M o 1 o 2 o 3 o 4 o 5 o 6 s {r} {a} {r,w} {r, w, a} {r, w, a} {r, w, a}

Complete the following table, where each entry should contain a tick or across depending on whether s would be given access to the object. (You may assume that V = ∅ throughout.)

o 1 o 2 o 3 o 4 o 5 o (^6) r a w

Question 2

Comment on the suitability of the following approach to access control.

Every file is password protected Whenever a user tries to access a file she is prompted to enter a password If she enters the correct password Access is granted Else Access is denied

Your answer should consider the following factors

• Ease of implementation and use

• Ease of management

• Removing access for a particular user

• Adding access for a new user

• Creating a new file

• The security provided by the access control mechanism

Question 3

The information flow policy for confidentiality prohibits a high level user from writing to a low level file. Explain, giving an example, why this may limit the usefulness of such a policy. Suggest a mechanism that would allow a high level user to write to a low level file and would preserve confidentiality requirements. Comment on the suitability of this information flow policy for protecting the integrity of information.

ANSWER 1

Read access: For subject s to be granted read-type access to object o, the security label of s must be at least as high as that of o. In the following matrix the read row is completed due to λ(s)>= λ (o).

Write access: For subject s to be granted write-type access to object o, the security label of s must be no higher than that of o. In the following matrix the write row is completed due to λ(s) <= λ(o).

Append access: For subject s to be granted write-type access to object o, the security label of s must be lower than that of o. In the following matrix the access row is completed due to λ(s) < λ(o).

o 1 o 2 o 3 o 4 o 5 o (^6) r ν ν ν a ν ν w ν ν ν

ANSWER 2

An access control pattern that would prompt a user to enter a password every time he/ she would like to access a file would be either ideal or catastrophic for a business. That depends on the nature of the it, the number of users and files and their level of importance/classification (classified, top secret etc.)

We can assume that a password is a master key for unlocking all doors in a typical/everyday control access pattern. But what happens when you have to use many master keys?

Well, as we mentioned it depends on the situation so we will have to check closely its pros and cons.

The implementation of such a pattern would be a pain in the butt. The total number of the access control needed to be programmed and granted to all users

them away if needed.) That way we control who can see these folders/files and by that we can preserve the confidentiality of the documents/information.

The implementation of such a policy i think would be more complex than the informations flow policy for confidentiality because it is more flexible and we can adjust it every time on our needs. That means that we will always have to create or delete roles that we need to assign. Despite the workload though i think it is better because we have the ability to not deny the write operation on high end user but also not deny the read access from a low end user on a high end file. (ex. might be needed for a project or something).