Computer Security: Art and Science

19.8 Exercises

1:
Distinguish between a policy requirement and a mechanism. Identify at least three specific security requirements for a system you know and describe at least two different mechanisms for implementing each one.
2:
Justify that the four security properties in System X (see the example that begins on page 506) are consistent with the Bell-LaPadula properties. Use the System X statements in this chapter. Identify any information you may need to complete the justification that you do not find in this material.
3:
In System Y (see the example on page 509), assumption A3 restricts the access to authentication data to administrators. Should this assumption have been used in the justification of threat T1? Why or why not? If yes, create the appropriate statements to add to the justification given above.
4:
Pick a life cycle development model not discussed in Chapter 18 and describe how useful it is for development of secure and trusted products.
5:
This exercise deals with the external specifications discussed in Section 19.2.4.1.

Write the external functional specification for the login function in the example that begins on page 525.
Write the external functional specification for the change_password function in the example that begins on page 525.

Top

1:	Distinguish between a policy requirement and a mechanism. Identify at least three specific security requirements for a system you know and describe at least two different mechanisms for implementing each one.
2:	Justify that the four security properties in System X (see the example that begins on page 506) are consistent with the Bell-LaPadula properties. Use the System X statements in this chapter. Identify any information you may need to complete the justification that you do not find in this material.
3:	In System Y (see the example on page 509), assumption A3 restricts the access to authentication data to administrators. Should this assumption have been used in the justification of threat T1? Why or why not? If yes, create the appropriate statements to add to the justification given above.
4:	Pick a life cycle development model not discussed in Chapter 18 and describe how useful it is for development of secure and trusted products.
5:	This exercise deals with the external specifications discussed in Section 19.2.4.1. Write the external functional specification for the login function in the example that begins on page 525. Write the external functional specification for the change_password function in the example that begins on page 525.