1. Both ACLs and C-List entries use "owners" (users) rather than individual processes. Why?

2. Alice can read and write to the file x, can read the file y, and can execute the file z. Bob can read x, can read and write to y, and cannot access z.
   1. Write a set of access control lists for this situation. Which list is associated with which file?
   2. Write a set of capability lists for this situation. With what is each list associated?

3. Revoking an individual's access to a particular file is easy when an access control list is used. How hard is it to revoke a user's access to a particular set of files, but not to all files? Compare and contrast this with the problem of revocation using capabilities.

4. Explain why some UNIX-based systems with access control lists do not allow root to alter the ACL. What problems might this raise?

5. It is said that UNIX uses access control lists. Does the UNIX model include capabilities as well as access control lists? (Hint: Consider file descriptors. If a file is opened, and its protection mode is then changed to exclude access by the opener, can the process still access the file using the file descriptor?)

6. Suppose a user wishes to edit the file xyzzy in a capability-based system. How can he be sure that the editor cannot access any other file? Could this be done in an ACL-based system? If so, how? If not, why not?

7. Consider implementing secret sharing using the locks-and-keys or-access and and-access controls. Let each encipherment operation take one unit of time, and let each enciphered datum take one unit of space. Under each of the following conditions, how much time and space are needed to store a datum so that t out of n people can reconstruct the datum?
   1. For t = 3 and n = 10
   2. For t = 5 and n = 10
   3. For general t and n (that is, give the general formulae for space and time)

8. Consider Multics procedures p and q. Procedure p is executing and needs to invoke procedure q. Procedure q's access bracket is (5, 6) and its call bracket is (6, 9). Assume that q's access control list gives p full (read, write, append, and execute) rights to q. In which ring(s) must p execute for the following to happen?
   1. p can invoke q, but a ring-crossing fault occurs.
   2. p can invoke q provided that a valid gate is used as an entry point.
   3. p cannot invoke q.
   4. p can invoke q without any ring-crossing fault occurring, but not necessarily through a valid gate.

9. Consider Multics procedure p and data segment d. Procedure p is executing and needs to access segment d. Segment d's access bracket is (5, 6). Assume that d's access control list gives p full (read, write, append, and execute) rights to d. In which ring(s) must p execute for the following to happen?
   1. p can read, write to, and append to d.
   2. p can read d but not write to or append to d.
   3. p cannot access d.

10. Although most systems allow objects to have only one owner, it is possible for an object to have two (or more) owners. Consider ownership as a right that allows the changing of capabilities (or access control lists). How might you implement this right using capabilities? How might you implement it using access control lists? Contrast these implementations of capability lists and access control lists with PACLs.
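The hint in exercise 5 can be checked directly on a UNIX-like system. The script below is an added illustration, not part of the exercise set: it opens a file, clears its protection mode with `chmod 000`, and then compares a read through the already-open descriptor with a fresh `open()` by pathname. The temporary directory, file name and contents are constructed for the demonstration; the `running_as_root` flag is included because root bypasses the mode check and would make the fresh open succeed.

```python
import os
import tempfile

# Constructed sample content for the demonstration file (not from the exercises).
SAMPLE = b"capability demo\n"


def descriptor_survives_mode_change():
    """Show that a UNIX file descriptor behaves like a capability.

    The mode bits act as the per-file ACL and are consulted only at open().
    Once a descriptor exists, later changes to the mode do not revoke it.
    Returns a dict describing what happened so the outcome can be checked.
    """
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "demo.txt")
    with open(path, "wb") as f:
        f.write(SAMPLE)

    # The descriptor is the "capability": the access check happens here, once.
    fd = os.open(path, os.O_RDONLY)

    # Change the ACL-like protection mode so that nobody may access the file.
    os.chmod(path, 0o000)

    # A new open() is a pathname lookup plus an ACL check: denied for non-root.
    try:
        os.close(os.open(path, os.O_RDONLY))
        new_open_denied = False
    except PermissionError:
        new_open_denied = True

    # The existing descriptor is not re-checked, so the read still succeeds.
    data = os.read(fd, 1024)
    os.close(fd)

    # Clean up the constructed file and directory.
    os.chmod(path, 0o600)
    os.remove(path)
    os.rmdir(tmpdir)

    return {
        "existing_fd_read_ok": data == SAMPLE,
        "new_open_denied": new_open_denied,
        "running_as_root": os.geteuid() == 0,
    }


if __name__ == "__main__":
    print(descriptor_survives_mode_change())
```

Revoking the capability therefore requires closing or invalidating the descriptor itself, which is the revocation problem exercise 3 asks about.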