0% found this document useful (0 votes)
262 views5 pages

CSC474/574 Information Systems Security: Homework 3 Solutions Sketch

The document discusses solutions to homework questions about access control policies and matrices. It addresses representing access control policies using access control matrices, access control lists (ACL), and capabilities. It also covers customizing the RBAC0 model, adding users, and using RBAC1 with role hierarchies. Further questions discuss specifying and representing multilevel security policies using lattices. Examples of storage and timing covert channels are also provided.

Uploaded by

CH LEE
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
262 views5 pages

CSC474/574 Information Systems Security: Homework 3 Solutions Sketch

The document discusses solutions to homework questions about access control policies and matrices. It addresses representing access control policies using access control matrices, access control lists (ACL), and capabilities. It also covers customizing the RBAC0 model, adding users, and using RBAC1 with role hierarchies. Further questions discuss specifying and representing multilevel security policies using lattices. Examples of storage and timing covert channels are also provided.

Uploaded by

CH LEE
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

CSC474/574 Information Systems Security

Homework 3 Solutions Sketch

1. (20 points) Consider a computer system with three users: Alice, Bob, and Cyndy.
Alice owns the file alicerc, and Bob and Cyndy can read it. Cyndy can read and
write Bob's file Bobrc, but Alice can only read it. Only Cyndy can read and write
her file cyndyrc. Assume the owner of each of these files can execute it.

a. (5 points) Create the corresponding access control matrix.


b. (5 points) Use ACL to represent the access control policy specified in (a).
c. (5 points) Use Capabilities to represent the access control policy specified in
(a).
d. (5 points) Cyndy gives Alice permission to read cyndyrc, and Alice removes
Bob's ability to read alice rc. Show the new access control matrix.

A)
a.

alicerc bobrc cyndyrc


Alice {O,X} {R} ---
Bob {R} {O, X} ---
Cyndy {R} {R, W} {R, W, X, O}

b.

Acl(alicerc) = {(Alice, O), (Alice, X), (Bob, R), (Cyndy, R)}

Acl(bobrc) = {(Alice, R), (Bob, O), (Bob, X), (Cyndy, R), (Cyndy, W)}

Acl(cyndyrc) = {(Cyndy, R), (Cyndy, W), (Cyndy, X), (Cyndy, O)}

c.

Capability(Alice) = {(alicerc, {O}), (alicerc, {X}), (bobrc, {R}) }

Capability(Bob) = {(alicerc, {R}), (bobrc, {O}), (bobrc, {X})}

Capability(Cyndy) = {(alicerc, {R}), (bobrc, {R}), (bobrc, {W}), (cyndyrc, R), (cyndyrc,
W), (cyndyrc, O), (cyndyrc, X)}

d.

alicerc bobrc cyndyrc


Alice {O,X} {R} {R}
Bob --- {O, X} ---
Cyndy {R} {R, W} {R, W, X, O}
2. (30 points) Consider two categories A and B. It is well known that MAC with four
compartments can be constructed from these two categories.

a. (10 points) Customize the RBAC0 model to implement the security policy
represented by the above compartments. Assume there is no user in the
system. Represent permissions as o(c), where o is either 'r' (read) or 'w'
(write) and c is a security class. For example, a permission r({AB}) refers to
the permission to read information from the class {AB}.
You need to specify the components of the RBAC0 model. Note that you may
have some empty components (e.g., users, sessions).
b. (10 points) Assume you add the first user X, who is cleared to have the
security class {A}. What changes would you make to the result of (a)?
c. (10 points) Assume that you are allowed to use RBAC1. Develop a role
hierarchy and the corresponding permission assignments. Note that you may
not have a clean hierarchy, since the set of permissions of one role is often not
a subset of that of another role.

A)
a. RBAC0 Model:
Users = { }
Roles = { Ø, A, B, AB }
Permissions= { r(Ø), w(Ø), r(A), w(A),r(B), w(B),r(AB), w(AB) }
Permission Assignments = { (Ø, r(Ø)), (Ø, w(Ø)), (Ø, w(A)), (Ø, w(B)), (Ø, w(AB)),
(A, r(Ø)), (A, r(A)), (A, w(A)), (A, w(AB)), (B, r(Ø)), (B, r(B)), (B, w(B)), (B, w(AB)),
(AB, r(Ø)), (AB, r(A)), (AB, r(B)), (A, r(AB)), (AB, w(AB)) }
User Assignments = { }
Sessions = { }
Users(S  U) = { }
Roles(S  2R) = { }

b.
Users = {X}
Roles = { Ø, A, B, AB }
Permissions= { r(Ø), w(Ø), r(A), w(A),r(B), w(B),r(AB), w(AB) }
Permission Assignments = { (Ø, r(Ø)), (Ø, w(Ø)), (Ø, w(A)), (Ø, w(B)), (Ø, w(AB)),
(A, r(Ø)), (A, r(A)), (A, w(A)), (A, w(AB)), (B, r(Ø)), (B, r(B)), (B, w(B)), (B, w(AB)),
(AB, r(Ø)), (AB, r(A)), (AB, r(B)), (A, r(AB)), (AB, w(AB)) }
Sessions = {S1}
Users(S  U) = {S1  X}
Roles(S  2R) = {S1  {A}}

c. Role Hierarchy:
Users = { }
Roles = { Ø, A, B, AB, R_ Ø, W_ Ø , R_A, W_A, R_B, W_B, R_AB, W_AB }
Permissions= { r(Ø), w(Ø), r(A), w(A),r(B), w(B),r(AB), w(AB) }
Permission Assignments = { (R_ Ø , r(Ø)), (W_Ø, w(Ø )), (R_A, r(A)), (W_A, w(A)),
(R_B, r(B)), (W_B, w(B)), (R_AB, r(AB)), (W_AB, w(AB)) }
User Assignments = { }
Sessions = { }
AB Ø

R_AB A B W_ Ø

R_A R_B W_A W_B

R_ Ø W_AB

3. (40 points) A company has the following security policies regarding the
information that the company considers confidential:

 The company divides information into the following classes: CEO (C),
Managers (M), and public (P);
 Information from Managers and public classes can flow to the CEO class;
 Information from public class can flow to the Manager class;
 Information can flow within each class;
 There is no other allowed information flow between classes.

a. (10 points) Specify this security policy using Denning’s formalism.


Assume the security classes are C (CEO), M (Manager), P (Public).
b. (10 points) Draw the security policy in (a) in a lattice (in Hasse
diagram). Assume that information can flow upwards.
c. (10 points) Assume that in the Manager class, the information is
further divided into compartments with categories A, B, and C. Draw
the resulting lattice for the entire security policy.
d. (10 points) Continue from (b). Assume the company further divides
information into high integrity (H) and low integrity (L) classes.
Information can only flow from high integrity class to low integrity
class. Combine the policies for both confidential and integrity, and
draw the resulting policy in a lattice.

A)
a.
SC = { C, M, P}

 = {C_C, M_M, P_P, P_M, M_C }

+ = { P+P  P,P+M  M,P+C  C,M+M  M,M+C  C,C+C  C }


b.

c.

(M, {A, B, C})

(M, {A, B}) (M, {A, C}) (M, {B, C})

(M, {C})
(M, {A}) (M, {B})

{}

P
d.

{C, L}

{C, H} {M, L}

{M, H} {P, L}

{P, H}

4) (5 points) Give an example for storage covert channel

A) Covert Channel uses shared resources as paths of connection. This requires sharing of
space or time.

Storage Covert Channel:


Suppose 2 processes P & Q are not supposed to communicate with each other and P & Q
share a file system. For process P to send a message to process Q, it creates a file called
send in a directory that both processes can read. Before Q is ready to read the information,
it deletes the send file. Process P then transmits a bit by creating a file named “0bit” or
“1bit”. Q records the bit and then deletes the file. This continues until P creates a file
called end.

Here the shared resource is the directory and names of files in that directory. Processes
communicate by altering characteristics (filenames and file extensions) of shared
resource.

5) (5 points) Give an example for timing covert channel

Timing Covert Channel:


Two virtual machines can establish a covert channel based on the CPU quantum that each
machine receives. If sending machine wishes to send a “0” bit, it relinquishes the CPU
immediately; to send a “1”, it uses its full quantum. By determining how quickly it got
the CPU, second virtual machine can deduce whether the first was sending “1” or a “0”.
The shared resource is CPU. The processes communicate using a real-time clock to
measure the intervals between accesses to shared resource.

You might also like