Scribd
Upload
103 views

Assignment 1

This document contains an assignment for an engineering course on software safety and security. It includes 4 questions assessing understanding of access control matrices, rights management, and security clearances. Question 1 has 3 parts asking for examples of when certain statements about prevention, detection and recovery are true. Question 2 involves creating and modifying an access control matrix. Question 3 asks to write commands modifying rights. Question 4 involves specifying allowed access based on security clearances and categories. The assignment is due on September 21st, 2016 and can be submitted in class or by email.

Uploaded by

Dwarakanath Tula
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
103 views

Assignment 1

This document contains an assignment for an engineering course on software safety and security. It includes 4 questions assessing understanding of access control matrices, rights management, and security clearances. Question 1 has 3 parts asking for examples of when certain statements about prevention, detection and recovery are true. Question 2 involves creating and modifying an access control matrix. Question 3 asks to write commands modifying rights. Question 4 involves specifying allowed access based on security clearances and categories. The assignment is due on September 21st, 2016 and can be submitted in class or by email.

Uploaded by

Dwarakanath Tula
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

Department of Software Engineering - Lakehead University

Engineering 4250: Software Safety and Security


Fall 2016 Assignment 1

Due: September Wednesday 21th of September, 2016 by 5 PM


(you may deliver the solution in class or by email)
[3 Points] Question 1(Text book chapter 1 problem 7)
For each of the following statements, give an example of a situation in which the
statement is true.
a. Prevention is more important than detection and recovery.
b. Detection is more important than prevention and recovery.
c. Recovery is more important than prevention and detection

[6 Points] Question 2 (Text book chapter 2 problem 1)


Consider a computer system with three users: Alice, Bob, and Cyndy. Alice owns the
file alicerc, and Bob and Cyndy can read it. Cyndy can read and write the file bobrc,
which Bob owns, but Alice can only read it. Only Cyndy can read and write the file
cyndyrc, which she owns. Assume that the owner of each of these files can execute it.
a. Create the corresponding access control matrix.
b. Cyndy gives Alice permission to read cyndyrc, and Alice removes Bobs ability to
read alicerc. Show the new access control matrix.

[6 Points] Question 3 (Text book chapter 2 problem 2)


Consider the set of rights {read, write, execute, append, list, modify, own}.
a. Using the syntax in Section 2.3, write a command delete_all_rights (p, q, s). This
command causes p to delete all rights the subject q has over an object s.
b. Modify your command so that the deletion can occur only if p has modify rights over
s.
c. Modify your command so that the deletion can occur only if p has modify rights over s
and q does not have own rights over s.

[5 Points] Question 4 (Text book chapter 5 problem 2)


Given the security levels TOP SECRET, SECRET, CONFIDENTIAL, and
UNCLASSIFIED (ordered from highest to lowest), and the categories A, B, and C,
specify what type of access (read, write, both, or neither) is allowed in each of the
following situations. Assume that discretionary access controls allow anyone access
unless otherwise specified.
a. Paul, cleared for (TOP SECRET, { A, C }), wants to access a document classified
(SECRET, { B, C }).
b. Anna, cleared for (CONFIDENTIAL, { C }), wants to access a document classified
(CONFIDENTIAL, { B }).
c. Jesse, cleared for (SECRET, { C }), wants to access a document classified
(CONFIDENTIAL, { C }).
d. Sammi, cleared for (TOP SECRET, { A, C }), wants to access a document classified
(CONFIDENTIAL, { A }).
e. Robin, who has no clearances (and so works at the UNCLASSIFIED level), wants to
access a document classified (CONFIDENTIAL, { B }).

You might also like