ISA 662 Homework 1 Solution

Textbook: Page 25 #1 and #2.
1. Classify each of the following as a violation of confidentiality, of integrity, of availability, or of
some combination thereof.
     a. John copies Mary’s homework.
     Confidentiality (homework was exposed)
     b. Paul crashes Linda’s system.
     Availability (the system is down)
     c. Carol changes the amount of Angelo’s check from $100 to $1,000.
     Integrity (the amount of the check has changed)
     d. Gina forges Roger’s signature on a deed.
     Integrity (source origin compromised)
     e. Rhonda registers the domain name “AddisonWesley.com” and refuses to let the publishing
house buy or use that domain name.
     Availability
     Integrity (users may believe Rhonda’s site is the legitimate site)
     f. Jonah obtains Peter’s credit card number and has the credit card company cancel the card
and replace it with another card bearing a different account number.
     Confidentiality (Jonah obtained Peter’s private cc number),
     integrity (Jonah acted as Peter to cancel the card, and cc number has changed),
     availability (Peter will no longer have access to his card)
     g. Henry spoofs Julie’s IP address to gain access to her computer.
     Integrity (Henry acting as Julie)
     Confidentiality (Henry accesses Julie’s data)


2. Identify mechanisms for implementing the following. State what policy or policies they might
be enforcing.
a. A password changing program will reject passwords that are less than five characters long or
that are found in the dictionary.
     Mechanism – An operating system password program can be used to enforce a password
     policy by requiring passwords of a minimum length.
     Policy – Passwords should be greater than 5 characters long and should not be found in the
dictionary.
b. Only students in a computer science class will be given accounts on the department’s computer
system.
     Mechanism – The network administrator will create student accounts from the class roster.
     Policy – Accounts should only be given to students enrolled in a computer science class
c. The login program will disallow logins of any students who enter their passwords
incorrectly three times.
     Mechanism – Login program locks the account after three incorrect logins.
     Policy – Accounts should be protected from on-line dictionary or brute-force attacks by
locking the account after three incorrect logins.
d. The permissions of the file containing Carol’s homework will prevent Robert from cheating
and copying it.
     Mechanism – Administrator only gives one user permission to access his/her own private
directory, and the homework can only be placed in one’s private directory.
     Policy – Users’ files should not be accessible to other users
e. When world wide web traffic climbs to more than 80% of the network’s capacity, systems
will disallow any further communications to or from Web servers.
     Mechanism – The firewall will close port 80 if WWW traffic reaches 80% of the total.
     Policy – Don’t allow WWW traffic to occupy the entire bandwidth.
f. Annie, a systems analyst, will be able to detect a student using a program to scan her system
for vulnerabilities.
     Mechanism – An intrusion detection system is installed, and alerts when it detects an
unauthorized access.
     Policy – Students should not knowingly scan the computer systems for vulnerabilities.
g. A program used to submit homework will turn itself off just after the due date.
     Mechanism – A program is used to submit the homework and will turn off according to the
system clock set in advance.
     Policy – Students should not turn in homework late.

Textbook: Page 45: #4 and #5
4. Consider the set of rights {read, write, execute, append, list, modify, own}.
     a. Using the syntax in Section 2.3, write a command delete_all_rights (p,q,s). This command
     causes p to delete all rights the subject q has over an object s.
     b. Modify your command so that the deletion can occur only if p has modify rights over s.
     c. Modify your command so that the deletion can occur only if p has modify rights over s and
     q does not have own rights over s.


    a) command delete_all_rights (p,q,s)
            delete read from a[q,s];
            delete write from a[q,s];
            delete execute from a[q,s];
            delete append from a[q,s];
            delete list from a[q,s];
            delete modify from a[q,s];
            delete own from a[q,s];
       end


    b) command delete_all_rights (p,q,s)
            if modify in a[p,s]
            then
                    delete read from a[q,s];
                    delete write from a[q,s];
                    delete execute from a[q,s];
                    delete append from a[q,s];
                    delete list from a[q,s];
                    delete modify from a[q,s];
                    delete own from a[q,s];
       end


    c) command delete_all_rights (p,q,s)
            create object t;
            enter read into a[q,t];
            if own in a[q,s]
            then
                    delete read from a[q,t];
            if modify in a[p,s] and read in a[q,t]
            then
                    delete read from a[q,s];
                    delete write from a[q,s];
                    delete execute from a[q,s];
                    delete append from a[q,s];
                    delete list from a[q,s];
                    delete modify from a[q,s];
                    delete own from a[q,s];
            destroy object t;
       end

5. Let c be a copy flag and let a computer system have the same rights as in Exercise 4.
     a. Using the syntax in Section 2.3, write a command copy_all_rights(p,q,s) that copies all
rights that p has over s to q.
     b. Modify your command so that only those rights with an associated copy flag are copied.
The new copy should not have the copy flag.
    c. In part (b), what conceptually would be the effect of copying the copy flag along with the
right?


    a) command copy_all_rights (p,q,s)
            if read in a[p,s]
            then
                    enter read into a[q,s];
            if write in a[p,s]
            then
                    enter write into a[q,s];
            if execute in a[p,s]
            then
                    enter execute into a[q,s];
            if append in a[p,s]
            then
                    enter append into a[q,s];
            if list in a[p,s]
            then
                    enter list into a[q,s];
            if modify in a[p,s]
            then
                    enter modify into a[q,s];
            if own in a[p,s]
            then
                    enter own into a[q,s];
       end

    b) command copy_all_rights (p,q,s)
            if own in a[p,s] and copy in a[p,s]
            then
                    enter own into a[q,s];
            if modify in a[p,s] and copy in a[p,s]
            then
                    enter modify into a[q,s];
            if list in a[p,s] and copy in a[p,s]
            then
                    enter list into a[q,s];
            if append in a[p,s] and copy in a[p,s]
            then
                    enter append into a[q,s];
            if execute in a[p,s] and copy in a[p,s]
            then
                    enter execute into a[q,s];
            if write in a[p,s] and copy in a[p,s]
            then
                    enter write into a[q,s];
            if read in a[p,s] and copy in a[p,s]
            then
                    enter read into a[q,s];
            delete copy from a[q,s];
       end


    c) q would then have copy rights and could transfer the rights to another subject, which may not be intended.
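The commands for Exercise 4(c) and Exercise 5(b)/(c) can be traced on a small access control matrix. The following Python sketch is an added example, not part of the original solution; the class ACM, the scratch object name "_t", the parameter copy_flag_too and the subject names are assumptions made for illustration.

```python
# Added example: a toy access control matrix with the primitive operations
# used by the commands above. Subject and object names are constructed.
RIGHTS = ["read", "write", "execute", "append", "list", "modify", "own"]

class ACM:
    def __init__(self):
        self.a = {}                          # (subject, object) -> set of rights
    def rights(self, s, o):
        return set(self.a.get((s, o), ()))
    def has(self, r, s, o):
        return r in self.a.get((s, o), ())
    def enter(self, r, s, o):
        self.a.setdefault((s, o), set()).add(r)
    def delete(self, r, s, o):
        self.a.get((s, o), set()).discard(r)
    def destroy_object(self, o):
        self.a = {k: v for k, v in self.a.items() if k[1] != o}

def delete_all_rights_c(m, p, q, s, t="_t"):
    # 4(c): conditions can only test presence, so "q lacks own over s" is
    # encoded as "read is still in a[q,t]" for a scratch object t.
    m.enter("read", q, t)                    # create object t; enter read
    if m.has("own", q, s):
        m.delete("read", q, t)               # marker removed when q owns s
    if m.has("modify", p, s) and m.has("read", q, t):
        for r in RIGHTS:
            m.delete(r, q, s)
    m.destroy_object(t)                      # t does not outlive the command

def copy_all_rights_b(m, p, q, s, copy_flag_too=False):
    # 5(b) as answered above: a single "copy" right in a[p,s] gates every
    # right. copy_flag_too=True models 5(c), where the flag is copied as well.
    granted = m.has("copy", p, s)
    for r in RIGHTS:
        if granted and m.has(r, p, s):
            m.enter(r, q, s)
    if copy_flag_too and granted:
        m.enter("copy", q, s)
    elif not copy_flag_too:
        m.delete("copy", q, s)

if __name__ == "__main__":
    m = ACM()
    m.a[("p", "s")] = {"read", "write", "copy"}
    copy_all_rights_b(m, "p", "q", "s", copy_flag_too=True)
    copy_all_rights_b(m, "q", "r", "s")      # q re-delegates to a third subject
    print(sorted(m.rights("r", "s")))
```

With copy_flag_too left at False, the second call gives r nothing, which is the containment that part (b) is meant to provide.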


Textbook: Page 121: #6, #7, #8
6. A process may send a message to another process provided that the recipient is willing to accept
messages. The following class and methods are relevant:
class Messages {
     public deposit(int processed, String message);
     public int willaccept(int processed);
     …
}
The method willaccept returns 1 if the named process will accept messages, and 0 otherwise.
Write a constraint for this policy using Pandey and Hashii’s policy constraint language as
described in the first example in Section 4.5.1.


deny ( |-> Messages.deposit) when (Messages.willaccept() == 0);


7. Use DTEL to create a domain d_guest composed of processes executing the restricted shell
/usr/bin/restsh. These processes cannot create any files. They can read and execute any object of
type t_sysbin. They can read and search any object of type t_guest.


type t_sysbin, t_guest;
domain d_guest = (/usr/bin/restsh),
                 (rx->t_sysbin),
                 (rd->t_guest);


8. Suppose one wishes to confirm that none of the files in the directory /usr/spool/lpd are world
readable.
     b. What would the second field of the RIACS database contain?
     c. Tripwire does not provide a wildcard mechanism suitable for saying, “all files in the
directory /usr/spool/lpd beginning with cf or df.” Suggest a modification of the tripwire
configuration file that would allow this.

      b) The second field of the RIACS database contains the permissions of the directory. The
field must have the last digit less than 4 since it represents world permission with read as the first
bit.


      c) To support wildcards, the Tripwire configuration file could accept a pattern, such as
/usr/spool/lpd/[cd]f*.
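The check that answers (b) and (c) describe can be sketched in Python as follows. This is an added example, not part of the original solution and not Tripwire or RIACS code; the function names, the file names and the temporary directory standing in for /usr/spool/lpd are constructed for illustration.

```python
import fnmatch
import os
import stat
import tempfile

def world_readable(directory, pattern="[cd]f*"):
    """Return (name, mode) for entries matching pattern whose world-read bit is set."""
    hits = []
    for name in sorted(os.listdir(directory)):
        if not fnmatch.fnmatchcase(name, pattern):
            continue                         # outside the cf*/df* selection
        mode = stat.S_IMODE(os.lstat(os.path.join(directory, name)).st_mode)
        if mode & stat.S_IROTH:              # last octal digit is 4, 5, 6 or 7
            hits.append((name, oct(mode)))
    return hits

def demo():
    """Build a constructed spool directory and audit it."""
    with tempfile.TemporaryDirectory() as d:
        samples = [("cfA001", 0o640),        # last digit 0: not world readable
                   ("dfA001", 0o644),        # last digit 4: world readable
                   ("dfA002", 0o661),        # last digit 1: execute only
                   ("lock", 0o644)]          # readable, but not matched by [cd]f*
        for name, mode in samples:
            path = os.path.join(d, name)
            open(path, "w").close()
            os.chmod(path, mode)
        return world_readable(d)

if __name__ == "__main__":
    for name, mode in demo():
        print(name, mode)
```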

				
posted:10/13/2010