Computer Security: Art and Science

7.8 Exercises

1:
Devise an algorithm that generates an access control matrix A for any given history matrix H of the Chinese Wall model.
2:
Develop a construction to show that a system implementing the Chinese Wall model can support the Bell-LaPadula Model.
3:
Show that the Clinical Information System model's principles implement the Clark-Wilson enforcement and certification rules.
4:
Consider using mandatory access controls and compartments to implement an ORCON control. Assume that there are k different organizations. Organization i will produce n(i, j) documents to be shared with organization j.

How many compartments are needed to allow any organization to share a document with any other organization?
Now assume that organization i will need to share n_m(i, i₁, …, i_m) documents with organizations i₁, …, i_m. How many compartments will be needed?
5:
Someone once observed that "the difference between roles and groups is that a user can shift into and out of roles, whereas that user has a group identity (or identities) that are fixed throughout the session."

Consider a system such as a Berkeley-based UNIX system, in which users have secondary group identities that remain fixed during their login sessions. What are the advantages of roles with the same administrative functions as the groups?
Consider a system such as a System V-based UNIX system, in which a process can have exactly one group identity. To change groups, users must execute the newgrp command. Do these groups differ from roles? Why or why not?
6:
The models in this chapter do not discuss availability. What unstated assumptions about that service are they making?
7:
A physician who is addicted to a pain-killing medicine can prescribe the medication for herself. Please show how RBAC in general, and Definition 7�12 specifically, can be used to govern the dispensing of prescription drugs to prevent a physician from prescribing medicine for herself.

Top

1:	Devise an algorithm that generates an access control matrix A for any given history matrix H of the Chinese Wall model.
2:	Develop a construction to show that a system implementing the Chinese Wall model can support the Bell-LaPadula Model.
3:	Show that the Clinical Information System model's principles implement the Clark-Wilson enforcement and certification rules.
4:	Consider using mandatory access controls and compartments to implement an ORCON control. Assume that there are k different organizations. Organization i will produce n(i, j) documents to be shared with organization j. How many compartments are needed to allow any organization to share a document with any other organization? Now assume that organization i will need to share n_m(i, i₁, …, i_m) documents with organizations i₁, …, i_m. How many compartments will be needed?
5:	Someone once observed that "the difference between roles and groups is that a user can shift into and out of roles, whereas that user has a group identity (or identities) that are fixed throughout the session." Consider a system such as a Berkeley-based UNIX system, in which users have secondary group identities that remain fixed during their login sessions. What are the advantages of roles with the same administrative functions as the groups? Consider a system such as a System V-based UNIX system, in which a process can have exactly one group identity. To change groups, users must execute the newgrp command. Do these groups differ from roles? Why or why not?
6:	The models in this chapter do not discuss availability. What unstated assumptions about that service are they making?
7:	A physician who is addicted to a pain-killing medicine can prescribe the medication for herself. Please show how RBAC in general, and Definition 7�12 specifically, can be used to govern the dispensing of prescription drugs to prevent a physician from prescribing medicine for herself.