Computer Security: Art and Science by Matt Bishop. ISBN:978-0321712332 Chapter 2
Question
Computer Security: Art and Science by Matt Bishop. ISBN:978-0321712332
Chapter 26 Page 799
Section 26.2.2. Augment the matrix with the change right. This right allows the user to alter the classes of other users in that category. For example, if user Amy had change rights over the class "developers," she could change the class of user Tom, who is currently in the "developers" class, to any of the other four classes.
A) Let Alice be a member of the SSO class, and let her have change rights over the "developers" and "employees" classes. Let Bob be a member of the SSO class, with change rights over "outsiders" and "employees." Redraw the matrix for this situation and write rules describing the allowed transformations of the matrix.
B) Describe any problems that might occur if Alice and Bob were not careful about the changes of classes they made. Could information leak in undesired ways? If so, give an example. If not, show why not.
C) Should members of the SSO class be allowed to apply the change right to members of that class? Justify your answer. In particular, state what damage could occur if this were allowed, and if it were not allowed.
Explanation / Answer
A) Augmented matrix
The transformation rules are :-
B) If Alice and Bob are not careful about the changes they made then it can lead to information leakage and unauthorized data modification.
Yes, information can leak in undesired ways if they were not careful about the changes they made.
Suppose Tom has only read permission in the developer class. Since Alice has change permission over the developer class, she can change Tom's class. If Alice changes Tom's class to employees, then Tom will accidentally gain change permission over the employees class, and this would lead to information leakage.
C) Members of the SSO class should not be allowed to apply the change rights to members of that class.
Since Alice is a member of the SSO class, she can intentionally change her own class to Outsiders and give herself write permission there. But she actually has read permission on the outsiders class. Thus information leakage can occur, leading to data damage.
|       | Developers  | Employees   | Outsiders   |
|-------|-------------|-------------|-------------|
| Alice | read, write | read, write | read        |
| Bob   | read        | read, write | read, write |
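The scenario from parts A to C as a small runnable model, added here as an illustration and not part of the original answer or the textbook. The per-class read sets, the `seen`/`exposure` bookkeeping and the `allow_sso_targets` switch are assumptions, and the fifth class is left out because the page does not name it.

```python
from dataclasses import dataclass, field

# Constructed sample data: what each class may read. Not Bishop's matrix.
CLASS_READS = {
    "outsiders": {"public"},
    "developers": {"public", "source"},
    "employees": {"public", "corporate"},
    "SSO": {"public", "source", "corporate"},
}

@dataclass
class User:
    name: str
    cls: str
    change: frozenset = frozenset()          # classes this user holds change over
    seen: set = field(default_factory=set)   # everything the user could read so far

    def __post_init__(self):
        self.seen |= CLASS_READS[self.cls]

def can_change(actor, target, new_cls, allow_sso_targets=False):
    """Rule: an SSO holding change over the target's *current* class may move it."""
    if actor.cls != "SSO" or new_cls not in CLASS_READS:
        return False
    if target.cls == "SSO" and not allow_sso_targets:   # part C policy switch
        return False
    return target.cls in actor.change

def change_class(actor, target, new_cls, **policy):
    if not can_change(actor, target, new_cls, **policy):
        raise PermissionError(f"{actor.name} may not reclassify {target.name}")
    target.cls = new_cls
    target.seen |= CLASS_READS[new_cls]      # new rights add to what was already read

def exposure(user):
    """Data the user has seen that the current class would not be allowed to read."""
    return user.seen - CLASS_READS[user.cls]

def demo():
    alice = User("Alice", "SSO", frozenset({"developers", "employees"}))
    bob = User("Bob", "SSO", frozenset({"outsiders", "employees"}))
    tom = User("Tom", "developers")
    blocked_first = not can_change(bob, tom, "outsiders")  # Bob lacks change over developers
    change_class(alice, tom, "employees")                  # allowed: Alice covers developers
    change_class(bob, tom, "outsiders")                    # now allowed: Bob covers employees
    return blocked_first, tom.cls, exposure(tom)

if __name__ == "__main__":
    print(demo())
```

Each change is individually permitted, yet together they leave Tom in the outsiders class while he retains data that class is not allowed to read.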