Homework 5 - Project Milestone, Malicious Logic and Vulnerability Analysis
Due: Monday May 19, 2008 at 5:00pm
This homework is worth 20 points.
Part 1 - Project Milestone (10 points)
Provide an outline of your project paper. The outline should describe the
main sections of your paper and relevant subsections. For example, the
"Prior Work" section would have one subsection per reference if you are
doing a research project.
Part 2 - Questions (10 points)
- Could capabilities be used to limit the damage a Trojan horse can do?
Consider how capabilities differ from access control lists in your
response.
- How could confinement be used to limit the damage a Trojan horse can do?
- Consider a system which implements Bell LaPadula for unclassified,
restricted and classified levels. Could a macro virus first introduced
in an unclassfied document infect documents at the classified level?
Why or why not?
- Why classify vulnerabilities using vulnerability analysis? What benefit
does it provide?
- The PA model and the RISOS model are isomorphic. Show how the PA
classifications correspond to the RISOS classes.