CS5430 Homework 4: Discretionary Access Control
General Instructions.
You are expected to work alone on this assignment.
Due: March 26 (Tues) 11:59pm.
No late assignments will be accepted.
Submit your solution using CMS.
Prepare your solution as a single .pdf.
Problem 1:
Exercise 7.4 (a) and (d) in
on-line notes.
Problem 2:
Exercise 7.6 (b) in on-line notes.
Problem 3:
Exercise 7.18 in on-line notes,
assuming that capabilities held by a user process are stored someplace
in a (very large) address space that can be read and/or written by that process.
Problem 4:
Exercise 7.19 in
on-line notes.
Problem 5:
We define a coarse-grained object to be an object
that is obtained by combining the state and operations from a collection
of (ordinary) fine-grained objects,
and we define a fine-grained principal to be a principal that
executes for a short period and accesses only a few fine-grained objects.
Discuss the extent to which
the authorization benefits of fine-grained objects
can be achieved for each of the following
strategies.
-
Only employ coarse-grained objects, where you may define as many
different kinds of privileges and operations as necessary.
-
Only employ fine-grained principals, where you may define as many
different kinds of privileges and operations as necessary.
Problem 6:
Exercise 7.35 in on-line notes.
Extra Credit:
Suppose at most one privilege can be granted to any single principal for each
given object.
Under this restriction, is the "privilege propagation" problem still
undecidable?
Justify your answer by explaining how the proof in
on-line
notes fails or can be extended.