Assignment 5

On chapter 10

 

Due: September 22, 2009, Midnight EST

Total: 25

Important Note:

· Do not give a URL or link in your answer. Write in your own words.

· If you get information from an Internet site, you may want to include the website as a reference, but your answer must contain a complete explanation or rationale in your own words.

 

1. What is the importance of the “no read up” rule for the security of a multi-level system? What is the significance of the “no write down” rule?   10 pts

 

2. The *-property requirement for append access is: SC(S) <= SC(O). Why is it slightly different [SC(S) = SC(O)] for write access? Explain.    4 pts

 

3. Identify the rules of the Clark-Wilson model from each of the descriptions below:   6 pts

a. Provide the basic framework to ensure internal consistency of the CDIs.

b. Maintain a record of TPs.

c. Control the use of UDIs to update or create CDIs.

 

4. How do you secure your system against Trojan Horse attacks? Consider the following direction of attack by Alice: Alice logs on and attempts to read the string directly. Does the reference monitor prevent this attack? Why or why not?   5 pts