Homework 4 - Access Control, Security Policies and Trusted Computing
Due: Friday May 9, 2008 at 5:00pm
This homework is worth 20 points.
- Consider an access control method that wants to allow an object to have
more than one owner. Explain how you would implement this with both ACLs
and capabilities.
- The classic Unix access control model has just read, write and execute
permissions. What other sorts of permissions might you want for an access
control model?
- Give an example of using physical seperation to enforce the Bell-LaPadula
security model.
- The tranquility property of Bell-LaPadula states that the classification
of a subject or an object does not change while it is being referenced.
What would happen if this was NOT true?
- Write a security policy that combines the secrecy of Bell-LaPadula with
the integrity of Biba. Give both the simple and * properties for the
combined model.
- Define the two types of seperation of duty that can be implemented with
the Clark-Wilson model. Give an example of each type.
- Some people claim that an operating system does not need to protect the
segment of memory containing executable code because there is a copy of
the executable on the hard drive. Do you believe this is a valid claim?
Justify your answer.
- Give one reason why security should be part of the design of an operating
system from the beginning instead of added in later.
- Describe the difference between validation and verification.
- What are the advantages and disadvantages that an operating system vendor
might consider when deciding whether or not to undergo the formal
evaluation process?