CS 450/650 Fundamentals of Integrated Computer Securit

Spring 2011

Homework 4 : System Security

Due on Wednesday, Apr 20 at 11:00 am

1 : What is the recent attack on web sites and which web sites are vulnerable?

The following problems are from the text book (Pfleeger, 4th edition):

Chapter 3:

4 : Could a computer program be used to automate testing for trapdoors? That is, could you design a computer program that, given the source or object version of another program and a suitable description, would reply Yes or No to show whether the program had any trapdoors? Explain your answer.

Chapter 4:

10 : If two users share access to a segment, they must do so by the same name. Must their protection rights to it be the same? Why or why not?

19 : List two disadvantages of using physical separation in a computing system. List two disadvantages of using temporal separation in a computing system.

25 :False positive and false negative rates can be adjusted, and they are often complementary: Lowering one raises the other. List two situations in which false negatives are significantly more serious than false positives.

Chapter 5:

1 : A principle of the BellLa Padula model was not mentioned in this chapter. Called the tranquillity principle, it states that the classification of a subject or object does not change while it is being referenced. Explain the purpose of the tranquillity principle. What are the implications of a model in which the tranquillity principle is not true?

5 : Can a user cleared for <secret;{dog, cat, pig}> have access to documents classified in each of the following ways under the military security model?

<top secret;dog>
<secret;{dog}>
<secret;{dog,cow}>
<secret;{moose}>
<confidential;{dog,pig,cat}>
<confidential;{moose}>

6 : According to the BellLa Padula model, what restrictions are placed on two active subjects (for example, two processes) that need to send and receive signals to and from each other? Justify your answer.

What to turn in: A softcopy of your solutions (could be a scanned version of the hard copy of the solutions) to be uploaded as a single document to WebCT.