slide 38 This problem refers to the BLP used for access control to ensure confid
ID: 3572866 • Letter: S
Question
slide 38
This problem refers to the BLP used for access control to ensure confidentiality. This BLP’s “simple-policy” says that READ access to a resource is permitted only if user’s label L1 = (Authorization level, Need to know content types} dominates the resource label L2 = {Authorization level, Contents type}, (see Slide #38). The “*-policy” control WRITE access to prevent information leakage and it states that WRITE access to resource is permitted only if L2 dominates L1. Note that label dominate relation symbolized as L1 ? L2 implies: (Authorization level of L1 ? Authorization level of L2) AND (Need to know set of content types of L1 ? Content types set of resources). Therefore, READ access is granted only if the above condition is TRUE and Write Access is granted only the above condition is FALSE. In the Table given, fill in the last two columns with YES, NO, BOTH or NONE
"Dominates' Relationship A set of security labels Authorization Level, Sensitivity) Policy to Grant of access: Labe 2 Labels Label (L1, C1) dominates (L2, C2) only if L L2 in the ordering on authorization levels and C2 c C Written as, Label 2 Label2 Sensitivity LD Authorization LA Grant Read Access? (Secret; (Plans) (Secret, Plans) Yes (Top Secret; Plans) (Secret, (Keys) No (Secret, Plans. Keys) (Unclassified, Yes (Secret, (1) (Secret, (Plans. Keys) No The 'Dominate' relationship suggests, it can be used to implement a 'read' object policyExplanation / Answer
1) read access - yes; write access - yes
L1 = l2 and c2 {plans} is a subset of c1{plans,menu}
2) read access - no; write access - no
C2 is not a subset of c1
3)read access - no; write access - yes
L2>l1
4) read access - yes; write access - yes
L1 = l2 and c2 is subset of c1(every set is a subset of itself)
Related Questions
Navigate
Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.