Consider a computer system with three users: Alice, Bob, and Cyndy. Alice owns the file alicerc, and Bob and Cyndy can read it. Cyndy can read and write Bob's file bobrc, but Alice can only read it. Only Cyndy can read and write her file cyndyrc. Assume that the owner of each of these files can execute it.

| USERS | ALICERC | BOBRC | CYNDYRC |
|---|---|---|---|
| ALICE | OX | R | NO ACCESS |
| BOB | R | OX | NO ACCESS |
| CYNDY | R | RW | ORWX |

Cyndy gives Alice permission to read cyndyrc, and Alice removes Bob's ability to read alicerc.

| USERS | ALICERC | BOBRC | CYNDYRC |
|---|---|---|---|
| ALICE | OX | R | R |
| BOB | NO ACCESS | OX | NO ACCESS |
| CYNDY | R | RW | ORWX |

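
The two updates above can be replayed against the matrix in code. This is an added example, not part of the original page: the function names are hypothetical, and the rule that only an object's owner may change its column is an assumption drawn from the fact that both updates on the page are made by owners. It also shows the same matrix read by column (an access control list) and by row (a capability list).

```python
# Added example: the page's access control matrix and its two updates.
# Rights letters follow the page's tables: o=own, r=read, w=write, x=execute.

def initial_matrix():
    """Matrix from the first table: subject -> object -> set of rights."""
    return {
        "alice": {"alicerc": set("ox"), "bobrc": set("r"), "cyndyrc": set()},
        "bob":   {"alicerc": set("r"), "bobrc": set("ox"), "cyndyrc": set()},
        "cyndy": {"alicerc": set("r"), "bobrc": set("rw"), "cyndyrc": set("orwx")},
    }

def _require_owner(m, actor, obj):
    # Assumed policy: only the holder of the "o" right may edit obj's column.
    if "o" not in m[actor][obj]:
        raise PermissionError(f"{actor} does not own {obj}")

def grant(m, actor, subject, obj, right):
    """Owner adds one right for subject on obj."""
    _require_owner(m, actor, obj)
    m[subject][obj].add(right)

def revoke(m, actor, subject, obj, right):
    """Owner removes one right for subject on obj."""
    _require_owner(m, actor, obj)
    m[subject][obj].discard(right)

def acl(m, obj):
    """Per-object view (one column): who holds which rights on obj."""
    return {s: "".join(sorted(row[obj])) for s, row in m.items() if row[obj]}

def capabilities(m, subject):
    """Per-subject view (one row): which objects this subject may touch."""
    return {o: "".join(sorted(r)) for o, r in m[subject].items() if r}

def apply_page_updates(m):
    grant(m, "cyndy", "alice", "cyndyrc", "r")   # Cyndy lets Alice read cyndyrc
    revoke(m, "alice", "bob", "alicerc", "r")    # Alice removes Bob's read of alicerc
    return m

if __name__ == "__main__":
    m = apply_page_updates(initial_matrix())
    for obj in ("alicerc", "bobrc", "cyndyrc"):
        print(obj, acl(m, obj))
    for subj in m:
        print(subj, capabilities(m, subj))
```
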

| Ease of | Per-subject access control | Per-object access control | Access control matrix | Capability |
|---|---|---|---|---|
| Determining authorized access during execution | Good/easy | Good/easy | Good/easy | Excellent |
| Adding access for a new subject | Good/easy | Excellent | Not easy | Excellent |
| Deleting access by a subject | Excellent | Excellent | Excellent | Excellent |
| Creating a new object to which all subjects by default have access | Not easy | Excellent | Easy | Easy |

Question 1.
Suppose a per-subject access control list is used. Deleting an object in such a system is inconvenient because all changes must be made to the control lists of all subjects who did have access to the object. Suggest an alternative, less costly means of handling deletion.
Question 2.
One feature of a capability-based protection system is the ability of one process to transfer a copy of a capability to another process. Describe a situation in which one process should be able to transfer a capability to another.
