1. (DUE October 18, 2005 by midnight EDT) Briefly discuss what you learned from the readings in chapters 15-16:
   • What was the most surprising thing you learned?
   • What was the most difficult part for you?
2. (DUE October 18, 2005 by midnight EDT) Select one of the following questions to discuss in detail through the threaded discussion.
   • According to Andrew C. Myers & Barbara Liskov in A Decentralized Model for Information Flow Control in the introduction to their paper - "The common models for computer security are proving inadequate. Security models have two goals: preventing accidental or malicious destruction of information, and controlling the release and propagation of that information. Only the first of these goals is supported well at present, by security models based on access control lists or capabilities (i.e., discretionary access control, simply called ``access control'' from this point on). Access control mechanisms do not support the second goal well: they help to prevent information release but do not control information propagation.". Do you agree or disagree? Explain why?
   • Discuss how the Security Pipeline Interface in Section 15.4.1 can prevent information flows that violate a confidentiality model. (Hint: Think of scanning messages for confidential data and sanitizing or blocking that data.)
   • Consider the rule of transitive confinement. Suppose a process needs to execute a subprocess in such a way that the child can access exactly two files, one only for reading and one only for writing.
     1. Could capabilities be used to implement this? If so, how?
     2. Could access control lists implement this? If so, how?
3. (DUE Oct. 23, 2005 by midnight EDT) Select a discussion from one or more of your classmates and respond to their comments.

Click here to return to Wayne's World's homepage: