CS5430 Homework 5: Mandatory Access Control

Due Monday April 16, 10am. No late assignments will be accepted.

Submit your solution using CMS. Prepare your solution as .doc, .docx, or .pdf, as follows:

• Use 10 point or larger font.
• Start each problem's solution on a new page.
• Use at most 1 page per problem.
• Put your name and net id on each page. Failure to do so will result in a grade deduction.

Problem 1:

You are consulting to a new Internet start-up company, AppropriateTube, whose value proposition is facilitating the creation and dissemination of age- and belief-appropriate videos for impressionable children. Age is measured in terms of integers (representing years since birth) and defines the minimum age of an appropriate viewer; beliefs are characterized by a set of the following terms, called content-descriptors:

Alcohol, Bambi, BarbieAndKen, Barney, Disrespect, Evolution, Intelligent_Design, Sexuality, TeddyBears, VerbalAbuse, Violence .

The system envisaged by AppropriateTube would work as follows.

• An AppropriateTube web site (www.NoOffense.com) stores videos that users contribute. Each stored video includes meta-data that gives an age and a set of content-descriptors. The age is the minimum age for a viewer; the content-descriptors summarize what the video contains.

• AppropriateTube provides a video-uploader program that parents can use to upload new videos to www.NoOffense.com. Prior to storing a video, this video-uploader program creates meta-data for the video by asking questions of the user about the contents of the video. Assume that parents are truthful in answering these questions.

• AppropriateTube provides a mash-up creation program that allows children to download videos and then create a new video by concatenating some subset of the videos that were downloaded, storing the result as a new video in www.NoOffense.com. The mash-up creation program automatically creates the meta-data for this new longer video.

• AppropriateTube provides a video-viewer program that is invoked from within the mash-up creation program and/or can be run stand-alone by children wishing to view videos stored at www.NoOffense.com. The video-viewer program starts by reading child-viewing-allowed.config, a local configuration file corresponding to the child on whose behalf the video-viewer program was invoked. This file is specified by a parent and gives
  • The birth year of the child who is running the program.
  • A list of content-descriptors specifying all content the child is allowed to see.
  Thereafter, the video-viewer program will display only those videos that are age-appropriate and belief-appropriate for the child.

Give rules for how the meta-data for each video should be used by the video-viewer program and the rules for how it should be produced by the mash-up creation program.

Problem 2:

The usual accounts of Bell-LaPadula are silent about the response generated when a read or write operation would violate the BLP access rules. For this assignment, assume that such an access attempt returns an error message "Access Denied: File unavailable". And assume that an attempt to access a file that does not exist returns the same message.

1. Suppose we wish to support an additional operation

      createFile( FName , Lbl )
   

   whose execution creates a new empty file that is named FName and has label Lbl. What, if any, rules about labels should be imposed on execution of createFile if we want to ensure that classified information doesn't leak.
2. Suggest error messages to be returned from invoking the createFile for the following two cases:
   1. the rule you suggest in (a) is not satisfied.
   2. the rule you suggest in (a) is satisfied but a file with name FName already exists.
   Give a rationale for the wordings you propose.

Problem 3: