Department of Information Technology

Assignment 3

Please read the general instructions for hand-in assignments.

The deadline for this assignment is Monday, October 3, 2005, 10:15 (am).

If you find a question unclear, please ask Björn for clarification, and check this space for such clarifications!

  • Chinese Wall: clarifications added in boldface

Mechanisms and policies [3p]

  1. Describe what security mechanisms and security policies are,
  2. give a concrete example of each, and
  3. describe how security mechanisms and security policies in general should be related.

BLP [3p]

Suppose we want to allow high-level subjects to write low-level objects in the BLP model.

  1. Explain why this is not possible in the basic BLP model.
  2. Explain each of the two standard solutions to the problem, and their respective advantages and disadvantages. Motivate your answers.

States and transitions [3p]

Given the following access control matrix and the command transfer_read as defined in the lecture notes,

  1. Draw a transition diagram showing the reachable states.
  2. Is the system safe with respect to the read+ right/permission? Motivate and explain your answer.

      | F
    A | read+
    B |
    C |

Chinese Wall [5p]

In Gollmann's book, pages 54-55, an example is given to explain why the ss-property of the Chinese Wall model is not sufficient.

Explain how the example works in the Chinese Wall model, under the following assumptions:

  • Initially, for all o
    • x(o) = { Company_B } if y(o) = Company_A
    • x(o) = { Company_A } if y(o) = Company_B
  • The following accesses are performed:
    1. Analyst_A reads o from Company_A
    2. Analyst_A writes o1 (with info from o) in Bank
    3. Analyst_B reads o1 from Bank
  1. Describe the transitions of the system given the above accesses.
  2. For each of the transitions, analyse whether the ss-property and *-property permit them or not.
  3. After the actions above (if they are possible), describe the state and how the ss- and *-properties affect the future actions of Analyst_B.

Describe and motivate any further assumptions you make on the example.

Quantities [4p]

Consider the following (atomic; considered as a whole) program, where the variable x has level "top secret", and the variable y has level "unclassified".

Is the program authorized to run in Denning's quantitative model (see lecture notes)? Under which circumstances? Describe all information flows, and motivate your answers carefully!

z := 1;
if (is_prime(x)) then z := 0; end if
y := z;

Updated  2005-09-30 17:16:14 by Björn Victor.