


Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
NETWORK AND COMPUTER SECURITY ASSIGNMENT
Typology: Exercises
1 / 4
This page cannot be seen from the preview
Don't miss anything!



Question 1
Suppose we implement a Bell-LaPadula model with three security levels – H(igh), M(edium) and L(ow), and two categories A and B. Let
λ(s) = (M, {A})
λ(o 1 ) = (L, {A,B})
λ(o 2 ) = (L, ∅)
λ(o 3 ) = (M, {A,B})
λ(o 4 ) = (M, {A})
λ(o 5 ) = (H, ∅)
λ(o 6 ) = (H, {A})
and let the access control matrix be
M o 1 o 2 o 3 o 4 o 5 o 6 s {r} {a} {r,w} {r, w, a} {r, w, a} {r, w, a}
Complete the following table, where each entry should contain a tick or across depending on whether s would be given access to the object. (You may assume that V = ∅ throughout.)
o 1 o 2 o 3 o 4 o 5 o (^6) r a w
Question 2
Comment on the suitability of the following approach to access control.
Every file is password protected Whenever a user tries to access a file she is prompted to enter a password If she enters the correct password Access is granted Else Access is denied
Your answer should consider the following factors
Question 3
The information flow policy for confidentiality prohibits a high level user from writing to a low level file. Explain, giving an example, why this may limit the usefulness of such a policy. Suggest a mechanism that would allow a high level user to write to a low level file and would preserve confidentiality requirements. Comment on the suitability of this information flow policy for protecting the integrity of information.
ANSWER 1
Read access: For subject s to be granted read-type access to object o, the security label of s must be at least as high as that of o. In the following matrix the read row is completed due to λ(s)>= λ (o).
Write access: For subject s to be granted write-type access to object o, the security label of s must be no higher than that of o. In the following matrix the write row is completed due to λ(s) <= λ(o).
Append access: For subject s to be granted write-type access to object o, the security label of s must be lower than that of o. In the following matrix the access row is completed due to λ(s) < λ(o).
o 1 o 2 o 3 o 4 o 5 o (^6) r ν ν ν a ν ν w ν ν ν
An access control pattern that would prompt a user to enter a password every time he/ she would like to access a file would be either ideal or catastrophic for a business. That depends on the nature of the it, the number of users and files and their level of importance/classification (classified, top secret etc.)
We can assume that a password is a master key for unlocking all doors in a typical/everyday control access pattern. But what happens when you have to use many master keys?
Well, as we mentioned it depends on the situation so we will have to check closely its pros and cons.
The implementation of such a pattern would be a pain in the butt. The total number of the access control needed to be programmed and granted to all users
them away if needed.) That way we control who can see these folders/files and by that we can preserve the confidentiality of the documents/information.
The implementation of such a policy i think would be more complex than the informations flow policy for confidentiality because it is more flexible and we can adjust it every time on our needs. That means that we will always have to create or delete roles that we need to assign. Despite the workload though i think it is better because we have the ability to not deny the write operation on high end user but also not deny the read access from a low end user on a high end file. (ex. might be needed for a project or something).