is2150_hw4_stm57

is2150_hw4_stm57 - Steven Madara IS2150 Fall 2009 Prof. Joshi...


Steven Madara
IS2150 Fall 2009
Prof. Joshi
HW4

1. Section 6.6

(1) Assume that L(S) = ls is the security clearance of a subject S and L(O) = lo is the security classification of an object O (for security level l). By the Bell-LaPadula model, a subject in l is only able to read a subject in l' if l dominates l'. This means that the security level (ls, lo) dominates the security level of (ls', lo') iff ls <= ls' and lo exists in lo'. Since the security and integrity levels are the same, (ls, lo) also defines the integrity clearance and category set for integrity level l. Again, the Biba model only allows a read if the aforementioned domination of l' over l exists. A combination of the above means a subject in l can read in l' iff l = l'. So, the subject attempting to read a given entity must be at the same security/integrity level. The same argument applies to a subject writing to an entity: it must be at the same security/integrity level.

(3) The TPs can be executed in a parallel fashion as long as certain conditions are met. These conditions entail the following: more than one process is able to read an object at the same time, but only one process can write to an object, at which time no other process is able to read that object. Therefore, issues arise during execution of the TPs if they are trying to write/modify/update the same CDI at the same time. The goal is consistency in values/data; when more than one process tries to alter a CDI the results are uncertain. So if one TP is writing to an object while others are trying to read that object there is no apparent integrity in the values being read (inconsistency).

2. The introduction of this model was a radical separation from previous models, using transactions as the basic operation allowing for a precise model of commercial systems. The concept of separation of duty and separation of function are captured more precisely in the Clark-Wilson model vs. previous models. In the CW model, the notion of certification is distinct from that of enforcement, each having their own set of rules. A system following strict adherence to this model would ensure enforcement rules are obeyed. In the CW model there is a more practical method of moving data from UDI to CDI. Also, if an entity were to be upgraded there is a TP, in itself, that has been certified. So, CW's inclusions of enforcement and certification rules add to the explicit nature of the model.

3. Assume Alice and Bob are friends. COI1 = {X, Y} and COI2 = {U, V}. Let CDX, CDY, CDU, and CDV be the company datasets of companies X, Y, U and V. Show all possible assignments that are allowed and prohibited by Chinese Wall policy; consider read only assignments as well as read and write.

(1) Only read accesses need to be provided to CDs

Read accesses are composed of one Alice permission and one Bob permission. Neither Alice nor Bob are allowed to read both CDs from the same COI.

Alice can read only (CDX or CDY or CDU or CDV)
Alice can read CDX and CDU
Alice can read CDX and CDV
Alice can read CDY and CDU
Alice can read CDY and CDV
Bob can read only (CDX or CDY or CDU or CDV)
Bob can read CDX and CDU
Bob can read CDX and CDV
Bob can read CDY and CDU
Bob can read CDY and CDV

(2) Both read and write accesses need to be provided together to any CD

Read and write accesses are composed of one Alice permission and one Bob permission. Neither Alice nor Bob can have read/write permissions for more than one company dataset.

Alice can read/write only CDX
Alice can read/write only CDY
Alice can read/write only CDU
Alice can read/write only CDV
Bob can read/write only CDX
Bob can read/write only CDY
Bob can read/write only CDU
Bob can read/write only CDV

(3) Both read/write required for CDX and CDV, and read only to remaining CDs

The following scenarios are valid:

Alice and Bob can both r/w to CDX, neither can r/w to CDV or read the remaining CDs
Alice and Bob can both r/w to CDV, neither can r/w to CDX or read the remaining CDs
Alice can r/w to CDX and Bob can r/w to CDV, they are not allowed to read the remaining CDs
Alice can r/w to CDV and Bob can r/w to CDX, they are not allowed to read the remaining CDs
Alice can r/w to CDX and Bob can only read CDY or CDU (or both)
Bob can r/w to CDX and Alice can only read CDY or CDU (or both)
Alice can r/w to CDV and Bob can only read CDY or CDU (or both)
Bob can r/w to CDV and Alice can only read CDY or CDU (or both)

4. RH = {(r1, r2), (r1, r3), (r2, r4), (r2, r5), (r3, r5), (r3, r8), (r6, r3), (r6, r7), (r7, r8)}

[Figure: role hierarchy diagram with roles r1 to r8 and users u1 to u8]

(a) authorized_users(r5) = u5, u1, u2, u3 and u6
authorized_users(r4) = u4, u2 and u1

(b) Will ({r2, r7}, 2) result in a conflict?
r2 = u1, u2 / r7 = u6, u7 - Therefore, no conflict

Will ({r5, r7}, 2) result in a conflict?
r5 = u5, u2, u1, u3, u6 / r7 = u6, u7 - Therefore, conflict

Will ({r2, r3, r4, r7}, 3) result in a conflict?
r2 = u1, u2 / r3 = u3, u1, u6 / r4 = u4, u2, u1 / r7 = u6, u7 - Therefore, no conflict

5.

(i) It is possible that it could make sense to include both SSD and DSD in a security policy, but am not sure why you would want this to exist. It would be difficult to make a proper policy if you had SSD and DSD working together given the difference in roles vs. sessions that SSD and DSD relations imply.

(ii) In the example of a bank teller cashing a check there is a need for a separation of duty. This example can be expanded into a digital one where a DSD relation in your policy could potentially lead to security issues/conflicting situation.

(iii) I would remove the SSD, and keep just the DSD policy because I believe it does a better job of distributing permissions. The support provided by DSD for the principle of least privilege ensures that permissions don't linger after a specific duty has been performed, leading to an easier to secure system, in my opinion. A lot of careful attention needs to be put into the potential conflict of interest issues in a policy when a user can be authorized for more than one role and those roles are activated simultaneously. ...
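
The Chinese Wall assignments in question 3 can be checked mechanically. The following is an added example, not part of the original homework: a small history-based monitor using the standard Brewer-Nash read rule and *-property, assuming no sanitized objects. The names ChineseWall and allowed_sets are hypothetical. It enumerates which sets of company datasets a single subject may hold for cases (1) and (2).

```python
from itertools import combinations

# Conflict-of-interest classes and company datasets from question 3.
COI = {"COI1": {"CDX", "CDY"}, "COI2": {"CDU", "CDV"}}
CD_TO_COI = {cd: coi for coi, cds in COI.items() for cd in cds}

class ChineseWall:
    """History-based reference monitor (hypothetical name, added example)."""

    def __init__(self):
        self.history = {}  # subject -> set of CDs the subject has read

    def can_read(self, subject, cd):
        # Simple security rule: allowed if this CD was already read, or no
        # CD from the same COI class is in the subject's history.
        seen = self.history.get(subject, set())
        return cd in seen or all(CD_TO_COI[c] != CD_TO_COI[cd] for c in seen)

    def can_write(self, subject, cd):
        # *-property (assumes no sanitized data): the read must be allowed
        # and the subject must not have read any other CD.
        seen = self.history.get(subject, set())
        return self.can_read(subject, cd) and seen <= {cd}

    def read(self, subject, cd):
        if not self.can_read(subject, cd):
            return False
        self.history.setdefault(subject, set()).add(cd)
        return True

def allowed_sets(need_write):
    """Enumerate the CD sets one subject can hold under the policy."""
    cds = sorted(CD_TO_COI)
    allowed = []
    for size in range(1, len(cds) + 1):
        for combo in combinations(cds, size):
            wall = ChineseWall()
            ok = all(wall.read("alice", cd) for cd in combo)
            if ok and need_write:
                ok = all(wall.can_write("alice", cd) for cd in combo)
            if ok:
                allowed.append(set(combo))
    return allowed

if __name__ == "__main__":
    print("read-only :", allowed_sets(False))
    print("read+write:", allowed_sets(True))
```

Each subject has its own history, so the same enumeration applies to Bob independently of what Alice has read.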