Computer and Network Security

1. Given the security levels TOP SECRET, SECRET, CONFIDENTIAL, and UNCLASSIFIED (ordered from highest to lowest), and the catergories. A, B, C, specify what type of access ( read, write, or neither) is allowed in each of the following situations. Assume that discretionary access controls allow anyone access unless otherwise specified.

a. Paul, cleared for (TOP SECRET, {A, C}), wants to access a document classified (SECRET, {B,C}).

b. Anna, cleared for (CONFIDENTIAL, {C} ), wants to access a document classfied (CONFIDENTIAL, {B}).

c. Jesse, cleared for ( SECRET, {C}), wants to access a document classified (CONFIDENTIAL, {A}).

2. Suppose a system implementing Biba's model used the same labels for integrity levels and categories as for security levels and categories. Under what conditions could one subject read an object? Write to an object?

3. Someone once observed that "the difference between roles and groups is that a user can shift into and out of roles, whereas that user has a group identity ( or identities) that are fixed throughout the session."

a. Consider a system such as a System V-based UNIX system, in which a process can have exactly one group identity. To change groups, users must execute the newgrp command. Do these groups differ from role? Why or why not?